From daf11421df0db6a324433089d68c887e5da7fabe Mon Sep 17 00:00:00 2001
From: Aram Sargsyan
Date: Mon, 10 Jan 2022 12:42:09 +0000
Subject: [PATCH] Add a test to query DoT using gnutls-cli

Add a test to check BIND's DoT (DNS-over-TLS) implementation using gnutls-cli to confirm that it is compatibe with the GnuTLS library.
---
 bin/tests/system/conf.sh.in | 3 +++
 bin/tests/system/doth/clean.sh | 1 +
 bin/tests/system/doth/example-soa-answer.good | Bin 0 -> 89 bytes
 .../system/doth/example-soa-request.saved | Bin 0 -> 38 bytes
 bin/tests/system/doth/tests.sh | 24 ++++++++++++++++++
 configure.ac | 7 +++++
 6 files changed, 35 insertions(+)
 create mode 100644 bin/tests/system/doth/example-soa-answer.good
 create mode 100644 bin/tests/system/doth/example-soa-request.saved

diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index fc5d264f98..54c339b8f4 100644
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -114,6 +114,9 @@ SHELL=@SHELL@
 # CURL will be empty if no program was found by configure
 CURL=@CURL@
 
+# GNUTLS_CLI will be empty if no program was found by configure
+GNUTLS_CLI=@GNUTLS_CLI@
+
 # NC will be empty if no program was found by configure
 NC=@NC@
 
diff --git a/bin/tests/system/doth/clean.sh b/bin/tests/system/doth/clean.sh
index b0fcfdf23f..b0915f53aa 100644
--- a/bin/tests/system/doth/clean.sh
+++ b/bin/tests/system/doth/clean.sh
@@ -20,5 +20,6 @@ rm -f ./*/named.memstats
 rm -f ./*/named.run
 rm -f ./*/named.run.prev
 rm -f ./dig.out.*
+rm -f ./example-soa-*.test*
 rm -f ./*/example*.db
 rm -rf ./headers.*
diff --git a/bin/tests/system/doth/example-soa-answer.good b/bin/tests/system/doth/example-soa-answer.good
new file mode 100644
index 0000000000000000000000000000000000000000..d462dc684dbe19c85d872fe6330760c2359094a3
GIT binary patch
literal 89
zcmZPwUvs3Dfq@YSfh2osMPhD2PAUTf8w2A39uUdE7}&s|&YV|lbbyB|Bfq#LH?g=R
gwdep(uxpS3P!B5@ORsNWVBiyAV9;c_02BZM09$|&p#T5?

literal 0
HcmV?d00001

diff --git a/bin/tests/system/doth/example-soa-request.saved b/bin/tests/system/doth/example-soa-request.saved
new file mode 100644
index 0000000000000000000000000000000000000000..d5225b25153f709796ae57f8e208fa70cc33434d
GIT binary patch
literal 38
lcmZQjS#yL@fq{_$1Q^**g!&>EEmAy3;=(U1+M@A

literal 0
HcmV?d00001

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index a07e9a5849..e9bcb89405 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -582,5 +582,29 @@ if [ -n "$testcurl" ]; then
 status=$((status + ret))
 fi
 
+# check whether we can use gnutls-cli for sending test queries.
+if [ -x "${GNUTLS_CLI}" ] ; then
+ GNUTLS_CLI_CHECK="$(${GNUTLS_CLI} --logfile=/dev/null 2>&1 | grep -i 'illegal option')"
+
+ if [ -n "$GNUTLS_CLI_CHECK" ]; then
+ echo_i "The available version of gnutls-cli does not support the required features"
+ else
+ testgnutls=1
+ fi
+fi
+
+if [ -n "${testgnutls}" ] ; then
+ n=$((n + 1))
+ echo_i "checking sending a DoT query using gnutls-cli ($n)"
+ ret=0
+ # use gnutls-cli to query for 'example/SOA',
+ # use a timeout with a second empty `cat` because EOF in `stdin`
+ # causes gnutls-cli to disconnect without waiting for the answer
+ ( cat example-soa-request.saved && timeout 10 cat ) | "${GNUTLS_CLI}" --no-ca-verification --no-ocsp --alpn=dot --logfile=/dev/null --port=${TLSPORT} 10.53.0.1 > example-soa-answer.test$n 2>&1
+ diff example-soa-answer.good example-soa-answer.test$n > /dev/null 2>&1 || ret=1
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+fi
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/configure.ac b/configure.ac
index b525a080d6..580095ef75 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1259,6 +1259,13 @@ AC_CONFIG_FILES([doc/doxygen/doxygen-input-filter],
 AC_PATH_PROG(CURL, curl, curl)
 AC_SUBST(CURL)
 
+#
+# Look for gnutls-cli
+#
+
+AC_PATH_PROG([GNUTLS_CLI], [gnutls-cli], [])
+AC_SUBST(GNUTLS_CLI)
+
 #
 # Look for nc
 #
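Review bot: In the gnutls-cli pipeline added to bin/tests/system/doth/tests.sh, `2>&1` writes stderr into `example-soa-answer.test$n`, which is then compared byte-for-byte with the binary fixture, so any diagnostic gnutls-cli prints there fails the test for a reason unrelated to the DoT answer, and the `diff ... > /dev/null 2>&1` that follows hides what differed. I would keep the streams apart and compare with `cmp`: end the pipeline with `> "example-soa-answer.test$n" 2> "example-soa-stderr.test$n"` (still matched by the new glob in clean.sh), check with `cmp -s example-soa-answer.good "example-soa-answer.test$n" || ret=1`, and quote `--port="${TLSPORT}"`. `--no-ca-verification` and `--no-ocsp` deserve a comment such as `# certificate checks are disabled on purpose; this test covers the TLS/ALPN exchange only, not certificate validation`, presumably because the test server's certificate is not issued by a trusted CA. When `${GNUTLS_CLI}` is empty or not executable the test is skipped without any message, so a run without gnutls-cli looks the same as a passing one; an `echo_i` in that branch would make the coverage gap visible.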