From 3afba25dade279ddd15bf9d3729acd1c108e211a Mon Sep 17 00:00:00 2001
From: Sara Dickinson
Date: Wed, 23 Dec 2015 17:50:10 +0000
Subject: [PATCH] Update test case and changeling
---
 ChangeLog | 8 ++++++++
 src/test/tests_transports.sh | 17 +++++++++++++----
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 8d87442d..d7665bc7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,12 @@
 *
+ * Update of unofficial extension to the API that supports stub mode
+ TLS verification. GETDNS_AUTHENTICATION_HOSTNAME is replaced by
+ GETDNS_AUTHENTICATION_REQUIRED (but remains available as an alias).
+ Upstreams can now be configured with either a hostname or a SPKI pinset
+ for TLS authentication (or both). If the GETDNS_AUTHENTICATION_REQUIRED
+ option is used at least one piece of authentication information must be
+ configured for each upstream, and all the configured authentication
+ information for an upstream must validate.
 * Remove STARTTLS implementation (no change to SPEC)
 * Enable TCP Fast Open when possible. Add OSX support for TFO.
 * Rename return_call_debugging to return_call_reporting
diff --git a/src/test/tests_transports.sh b/src/test/tests_transports.sh
index 9cf7f79d..8c23b51f 100755
--- a/src/test/tests_transports.sh
+++ b/src/test/tests_transports.sh
@@ -3,6 +3,8 @@ DIR=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
 SERVER_IP="8.8.8.8"
 TLS_SERVER_IP="185.49.141.38~getdnsapi.net"
+TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
+TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
 GOOD_RESULT_SYNC="Status was: At least one response was returned"
 GOOD_RESULT_ASYNC="successfull"
 BAD_RESULT_SYNC="1 'Generic error'"
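Review bot: `TLS_SERVER_KEY` and `TLS_SERVER_WRONG_KEY` are added without any comment saying which server's key they pin, so a key rollover on the default TLS server will later look like a library regression. A comment such as `# base64 SHA-256 SPKI pin of the default TLS_SERVER_IP; update on key rollover` above the first, and `# same pin with one character changed, must never validate` above the second, would make the intent clear. Both values also end in `S=`. For a 32-byte digest the last base64 character should carry zero padding bits, and `S` does not, so a strict decoder might reject the string outright; it is worth re-deriving the pin from the server to confirm the value.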
@@ -59,26 +61,31 @@ usage () {
 echo " -s server configured for only TCP and UDP"
 echo " -t server configured for TLS, TCP and UDP"
 echo " (This must include the hostname e.g. 185.49.141.38~getdnsapi.net)"
+ echo " -k SPKI pin for server configured for TLS, TCP and UDP"
 }
-while getopts ":p:s:t:dh" opt; do
+while getopts ":p:s:t:k:dh" opt; do
 case $opt in
 d ) set -x ;;
 p ) DIR=$OPTARG ;;
 s ) SERVER_IP=$OPTARG ; echo "Setting server to $OPTARG" ;;
 t ) TLS_SERVER_IP=$OPTARG ; echo "Setting TLS server to $OPTARG" ;;
+ k ) TLS_SERVER_KEY=$OPTARG ; echo "Setting TLS server key to $OPTARG" ;;
 h ) usage ; exit ;;
 esac
 done
 TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}`
 echo $TLS_SERVER_IP_NO_NAME
+TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}`
 GOOD_QUERIES=(
 "-s -A -q getdnsapi.net -l U @${SERVER_IP} "
 "-s -A -q getdnsapi.net -l T @${SERVER_IP} "
 "-s -A -q getdnsapi.net -l L @${TLS_SERVER_IP_NO_NAME}"
-"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP}")
+"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP}"
+"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
+"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"")
 GOOD_FALLBACK_QUERIES=(
 "-s -A -q getdnsapi.net -l LT @${SERVER_IP}"
@@ -89,8 +96,10 @@ GOOD_FALLBACK_QUERIES=(
 "-s -G -q DNSKEY getdnsapi.net -l UT @${SERVER_IP} -b 512 -D")
 NOT_AVAILABLE_QUERIES=(
-"-s -A -q getdnsapi.net -l L @${SERVER_IP} "
-"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} "
+"-s -A -q getdnsapi.net -l L @${SERVER_IP}"
+"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_WRONG_NAME}"
+"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME}"
+"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} ${TLS_SERVER_WRONG_KEY}"
 "-s -G -q DNSKEY getdnsapi.net -l U @${SERVER_IP} -b 512 -D")
 echo "Starting transport test"
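Review bot: `TLS_SERVER_IP_WRONG_NAME` is derived by cutting the last character off the whole `-t` value, which only corrupts the hostname when that value really has the `IP~hostname` form. If `-t` is given a bare address, the cut lands on the IP itself, and the negative test would then presumably fail on connection rather than on hostname verification, a pass that says nothing about authentication. Consider rejecting a `-t` value without `~` once option parsing is done, e.g. `[[ $TLS_SERVER_IP == *~* ]] || { usage; exit 1; }`, and writing the derivation as `TLS_SERVER_IP_WRONG_NAME=${TLS_SERVER_IP%?}` without the backticks and `echo`. The `-k` usage line could also state that it expects the bare base64 value, since the script adds the `pin-sha256="..."` wrapper itself.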
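Review bot: The new wrong-key entry in `NOT_AVAILABLE_QUERIES` passes `${TLS_SERVER_WRONG_KEY}` as a bare argument, without the `-K pin-sha256=\"...\"` wrapper used in `GOOD_QUERIES`, so it most likely never configures a pin at all. The entry just above it already expects `-m @${TLS_SERVER_IP_NO_NAME}` with no authentication information to fail, so this case would still pass if a mismatching pin were wrongly accepted. It should read `"-s -A -q getdnsapi.net -l L -m @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""`. A further entry with the correct hostname and the wrong pin (`@${TLS_SERVER_IP}` plus the same `-K` argument) would cover the ChangeLog's statement that all configured authentication information for an upstream must validate.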