mirror of
https://github.com/isc-projects/bind9.git
synced 2026-03-12 05:32:42 -04:00
337943c047
This commit extends the 'doth' system test with a set of Strict/Mutual TLS related checks. This commit also makes each doth NS instance use its own TLS certificate that includes FQDN, IPv4, and IPv6 addresses, issued using a common Certificate Authority, instead of ad-hoc certs. Extend servers initialisation timeout to 60 seconds to improve the tests stability in the CI as certain configurations could fail to initialise on time under load. |
||
|---|---|---|
| .. | ||
| CA | ||
| ns1 | ||
| ns2 | ||
| ns3 | ||
| ns4 | ||
| .gitignore | ||
| clean.sh | ||
| conftest.py | ||
| dhparam3072.pem | ||
| example.axfr.good | ||
| example8.axfr.good | ||
| get_openssl_version.py | ||
| README.curl | ||
| setup.sh | ||
| stress_http_quota.py | ||
| tests.sh | ||
| tests_gnutls.py | ||
<!--
Copyright (C) Internet Systems Consortium, Inc. ("ISC")
SPDX-License-Identifier: MPL-2.0
This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0. If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.
See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
-->
DoH query values that can be passed on the command line for testing
with curl can be obtained by encoding binary DNS messages into
base64url, with trailing '='s removed.
For example:
$ perl bin/tests/system/fromhex.pl << EOF | base64url
# Transaction ID
0001
# Standard query
0000
# Questions: 1, Additional: 0
0001 0000 0000 0000
# QNAME: example
07 6578616d706c65 00
# Type: SOA
0006
Class: IN
0001
EOF
This produces the string "AAEAAAABAAAAAAAAB2V4YW1wbGUAAAbFrMonAAE=". With
the trailing '=' removed, this can then be passed to curl:
curl "https://<server>/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAbFrMonAAE"