Add "protocols" options to the "tls" clause

This commit adds the ability to specify allowed TLS protocols versions
within the "tls" clause. If an unsupported TLS protocol version is
specified in a file, the configuration file will not pass
verification.

Also, this commit adds strict checks for "tls" clauses verification,
in particular:

- it ensures that loading configuration files containing duplicated
"tls" clauses is not allowed;

- it ensures that loading configuration files containing "tls" clauses
missing "cert-file" or "key-file" is not allowed;

- it ensures that loading configuration files containing "tls" clauses
named as "ephemeral" or "none" is not allowed.

bin/tests/system/checkconf/bad-dot-badprotocol.conf

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+	key-file "key.pem";
+	cert-file "cert.pem";
+	protocols { unknown; TLSv1.2; }; # bad TLS protocol version name
+};
+
+options {
+	listen-on port 853 tls local-tls { 10.53.0.1; };
+};

bin/tests/system/checkconf/bad-dot-duplicatetls.conf

@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+	key-file "key.pem";
+	cert-file "cert.pem";
+};
+
+tls local-tls {
+	key-file "key.pem";
+	cert-file "cert.pem";
+};
+
+options {
+	listen-on port 853 tls local-tls { 10.53.0.1; };
+};

bin/tests/system/checkconf/bad-dot-ephemeral.conf

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# ephemeral is reserved for internal use
+tls ephemeral {
+	key-file "key.pem";
+	cert-file "cert.pem";
+};
+
+options {
+	listen-on port 853 tls ephemeral { 10.53.0.1; };
+};

bin/tests/system/checkconf/bad-dot-nocert.conf

@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+	key-file "key.pem";
+};
+
+http local-http-server {
+	endpoints { "/dns-query"; };
+	listener-clients 100;
+	streams-per-connection 100;
+};
+
+options {
+	listen-on { 10.53.0.1; };
+	http-port 80;
+	https-port 443;
+	http-listener-clients 100;
+	http-streams-per-connection 100;
+	listen-on port 443 tls local-tls http local-http-server { 10.53.0.1; };
+	listen-on port 8080 tls none http local-http-server { 10.53.0.1; };
+};

bin/tests/system/checkconf/bad-dot-nokey.conf

@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+	cert-file "cert.pem";
+};
+
+http local-http-server {
+	endpoints { "/dns-query"; };
+	listener-clients 100;
+	streams-per-connection 100;
+};
+
+options {
+	listen-on { 10.53.0.1; };
+	http-port 80;
+	https-port 443;
+	http-listener-clients 100;
+	http-streams-per-connection 100;
+	listen-on port 443 tls local-tls http local-http-server { 10.53.0.1; };
+	listen-on port 8080 tls none http local-http-server { 10.53.0.1; };
+};

bin/tests/system/checkconf/bad-dot-none.conf

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+# none is reserved for internal use
+tls none {
+	key-file "key.pem";
+	cert-file "cert.pem";
+};
+
+options {
+	listen-on port 853 tls none { 10.53.0.1; };
+};

bin/tests/system/checkconf/good-doh-tlsopts.conf

@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+	protocols { TLSv1.2; };
+	key-file "key.pem";
+	cert-file "cert.pem";
+};
+
+http local-http-server {
+	endpoints { "/dns-query"; };
+	listener-clients 100;
+	streams-per-connection 100;
+};
+
+options {
+	listen-on { 10.53.0.1; };
+	http-port 80;
+	https-port 443;
+	http-listener-clients 100;
+	http-streams-per-connection 100;
+	listen-on port 443 tls local-tls http local-http-server { 10.53.0.1; };
+	listen-on port 8080 tls none http local-http-server { 10.53.0.1; };
+};

bin/tests/system/checkconf/good-dot-tlsopts.conf

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+tls local-tls {
+	protocols { TLSv1.2; };
+	key-file "key.pem";
+	cert-file "cert.pem";
+};
+
+options {
+	listen-on port 853 tls local-tls { 10.53.0.1; };
+};