Add a test to query DoT using gnutls-cli

Add a test to check BIND's DoT (DNS-over-TLS) implementation using gnutls-cli to confirm that it is compatibe with the GnuTLS library.
2022-01-10 12:42:09 +00:00
parent 6f457c5121
commit daf11421df
6 changed files with 35 additions and 0 deletions
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -114,6 +114,9 @@ SHELL=@SHELL@
 # CURL will be empty if no program was found by configure
 CURL=@CURL@

+# GNUTLS_CLI will be empty if no program was found by configure
+GNUTLS_CLI=@GNUTLS_CLI@
+
 # NC will be empty if no program was found by configure
 NC=@NC@

--- a/bin/tests/system/doth/clean.sh
+++ b/bin/tests/system/doth/clean.sh
@@ -20,5 +20,6 @@ rm -f ./*/named.memstats
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
 rm -f ./dig.out.*
+rm -f ./example-soa-*.test*
 rm -f ./*/example*.db
 rm -rf ./headers.*
--- a/bin/tests/system/doth/example-soa-answer.good
+++ b/bin/tests/system/doth/example-soa-answer.good
--- a/bin/tests/system/doth/example-soa-request.saved
+++ b/bin/tests/system/doth/example-soa-request.saved
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -582,5 +582,29 @@ if [ -n "$testcurl" ]; then
 	status=$((status + ret))
 fi

+# check whether we can use gnutls-cli for sending test queries.
+if [ -x "${GNUTLS_CLI}" ] ; then
+	GNUTLS_CLI_CHECK="$(${GNUTLS_CLI} --logfile=/dev/null 2>&1 | grep -i 'illegal option')"
+
+	if [ -n "$GNUTLS_CLI_CHECK" ]; then
+		echo_i "The available version of gnutls-cli does not support the required features"
+	else
+		testgnutls=1
+	fi
+fi
+
+if [ -n "${testgnutls}" ] ; then
+	n=$((n + 1))
+	echo_i "checking sending a DoT query using gnutls-cli ($n)"
+	ret=0
+	# use gnutls-cli to query for 'example/SOA',
+	# use a timeout with a second empty `cat` because EOF in `stdin`
+	# causes gnutls-cli to disconnect without waiting for the answer
+	( cat example-soa-request.saved && timeout 10 cat ) | "${GNUTLS_CLI}" --no-ca-verification --no-ocsp --alpn=dot --logfile=/dev/null --port=${TLSPORT} 10.53.0.1 > example-soa-answer.test$n 2>&1
+	diff example-soa-answer.good example-soa-answer.test$n > /dev/null 2>&1 || ret=1
+	if [ $ret != 0 ]; then echo_i "failed"; fi
+	status=$((status + ret))
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/configure.ac
+++ b/configure.ac
@@ -1259,6 +1259,13 @@ AC_CONFIG_FILES([doc/doxygen/doxygen-input-filter],
 AC_PATH_PROG(CURL, curl, curl)
 AC_SUBST(CURL)

+#
+# Look for gnutls-cli
+#
+
+AC_PATH_PROG([GNUTLS_CLI], [gnutls-cli], [])
+AC_SUBST(GNUTLS_CLI)
+
 #
 # Look for nc
 #