upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-03-10 10:11:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/tests/system/doth
History
Artem Boldariev 384c92880e Use FIPS compatible DH-param files 
When the tests were added, the files were generated without FIPS
compatibility in mind. That made the tests fail on recent OpenSSL
versions in FIPS mode.

So, the files were regenerated on a FIPS compliant system using the
following stanza:

$ openssl dhparam -out <file> 3072

Apparently, the old files are not valid for FIPS starting with OpneSSL
3.1.X release series as "FIPS 140-3 compliance changes" are mentioned
in the changelog:

https://openssl-library.org/news/openssl-3.1-notes/
2024-12-04 18:08:51 +02:00
..
CA Remove trailing whitespace from all text files 2023-06-13 15:05:40 +02:00
ns1 Add test for not-loading and not-transfering huge RRSets 2024-06-10 16:55:09 +02:00
ns2 Add a limit to the number of RRs in RRSets 2024-06-10 16:55:07 +02:00
ns3 Add a limit to the number of RRs in RRSets 2024-06-10 16:55:07 +02:00
ns4 Add a limit to the number of RRs in RRSets 2024-06-10 16:55:07 +02:00
ns5 Add a limit to the number of RRs in RRSets 2024-06-10 16:55:07 +02:00
.gitignore Extend the 'doth' system test with Strict/Mutual TLS checks 2022-03-28 16:22:53 +03:00
conftest.py Use isctest.run.cmd() helper function in tests 2024-05-14 11:45:55 +02:00
dhparam3072.pem Use FIPS compatible DH-param files 2024-12-04 18:08:51 +02:00
example.axfr.good Add examples of WALLET records 2024-09-25 10:32:38 +00:00
example8.axfr.good Add examples of WALLET records 2024-09-25 10:32:38 +00:00
get_openssl_version.py Use python3 in shebang lines for util scripts 2024-08-14 17:22:22 +02:00
prereq.sh Reformat shell scripts with shfmt 2023-10-26 10:23:50 +02:00
README.curl Update the copyright information in all files in the repository 2022-01-11 09:05:02 +01:00
setup.sh doth test: add a secondary NS instance that reuses a 'tls' entry 2023-12-06 16:01:20 +02:00
stress_http_quota.py Use python3 in shebang lines for util scripts 2024-08-14 17:22:22 +02:00
tests.sh Add a system test for #4572 2024-02-21 21:05:21 +02:00
tests_gnutls.py Replace clean.sh files with extra_artifacts mark 2024-11-08 10:54:24 +01:00
tests_sh_doth.py Replace clean.sh files with extra_artifacts mark 2024-11-08 10:54:24 +01:00
tests_sslyze.py Replace clean.sh files with extra_artifacts mark 2024-11-08 10:54:24 +01:00

README.curl 

<!--
Copyright (C) Internet Systems Consortium, Inc. ("ISC")

SPDX-License-Identifier: MPL-2.0

This Source Code Form is subject to the terms of the Mozilla Public
License, v. 2.0.  If a copy of the MPL was not distributed with this
file, you can obtain one at https://mozilla.org/MPL/2.0/.

See the COPYRIGHT file distributed with this work for additional
information regarding copyright ownership.
-->

DoH query values that can be passed on the command line for testing
with curl can be obtained by encoding binary DNS messages into
base64url, with trailing '='s removed.

For example:

$ perl bin/tests/system/fromhex.pl << EOF | base64url
    # Transaction ID
    0001
    # Standard query
    0000
    # Questions: 1, Additional: 0
    0001 0000 0000 0000
    # QNAME: example
    07 6578616d706c65 00
    # Type: SOA
    0006
    Class: IN
    0001
EOF

This produces the string "AAEAAAABAAAAAAAAB2V4YW1wbGUAAAbFrMonAAE=". With
the trailing '=' removed, this can then be passed to curl:

curl "https://<server>/dns-query?dns=AAEAAAABAAAAAAAAB2V4YW1wbGUAAAbFrMonAAE"