From bd033f92fdf2677fddcc420f1e047fb5ec93bdc6 Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Wed, 17 Aug 2022 13:19:32 +0300
Subject: [PATCH 1/4] DIG: fix handling of +http-plain-{get, post} options

Support for parsing +http-plain-get and +http-plain-post options was
broken. This commit fixes that.

(cherry picked from commit fb135867644684a21d79bc3a5cebe3c83217a221)
---
 bin/dig/dig.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index c23b96e7f6..afa6761718 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1558,12 +1558,12 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 					FULLCHECK("http-plain");
 					break;
 				case '-':
-					switch (cmd[6]) {
+					switch (cmd[11]) {
 					case 'p':
-						FULLCHECK("https-plain-post");
+						FULLCHECK("http-plain-post");
 						break;
 					case 'g':
-						FULLCHECK("https-plain-get");
+						FULLCHECK("http-plain-get");
 						lookup->https_get = true;
 						break;
 					}

From 3c4d6c4ee05d3f98a3079d05db836ab0616c106f Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Wed, 17 Aug 2022 17:35:28 +0300
Subject: [PATCH 2/4] DIG: mark HTTP GET method in output

This commit makes dig mark the usage of HTTP(S) GET protocol usage in
its output.

(cherry picked from commit f86d8c62b01a7ae88a3543ba85c41834e64d011a)
---
 bin/dig/dig.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index afa6761718..4c62d0c5f9 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -365,9 +365,11 @@ received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
 			proto = "TLS";
 		} else if (query->lookup->https_mode) {
 			if (query->lookup->http_plain) {
-				proto = "HTTP";
+				proto = query->lookup->https_get ? "HTTP-GET"
+								 : "HTTP";
 			} else {
-				proto = "HTTPS";
+				proto = query->lookup->https_get ? "HTTPS-GET"
+								 : "HTTPS";
 			}
 		} else if (query->lookup->tcp_mode) {
 			proto = "TCP";

From c8e551299c5fad9630f77df267c4edb4ae22a9b3 Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Wed, 17 Aug 2022 17:36:50 +0300
Subject: [PATCH 3/4] Modify the doth system test to verify HTTP method usage

Before the commit some checks in the system test would try to verify
that different HTTP methods can be used and are functional. However,
until recently, it was not possible to tell from the output which
method was in fact used, so it turned out that +http-plain-get option
is broken.

This commit add the additional checks to prevent that from happening
in the future.

(cherry picked from commit 625991c810b4086a5fbfc48ecb54974f6b6e3f9a)
---
 bin/tests/system/doth/tests.sh | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index 35f6799814..920d6af214 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -344,16 +344,18 @@ status=$((status + ret))
 n=$((n + 1))
 echo_i "checking DoH query (POST) ($n)"
 ret=0
-dig_with_https_opts @10.53.0.1 . SOA > dig.out.test$n
+dig_with_https_opts +stat @10.53.0.1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTPS)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
 n=$((n + 1))
 echo_i "checking DoH query via IPv6 (POST) ($n)"
 ret=0
-dig_with_https_opts -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
+dig_with_https_opts +stat -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTPS)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
@@ -416,16 +418,18 @@ status=$((status + ret))
 n=$((n + 1))
 echo_i "checking DoH query (GET) ($n)"
 ret=0
-dig_with_https_opts +https-get @10.53.0.1 . SOA > dig.out.test$n
+dig_with_https_opts +stat +https-get @10.53.0.1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTPS-GET)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
 n=$((n + 1))
 echo_i "checking DoH query via IPv6 (GET) ($n)"
 ret=0
-dig_with_https_opts -6 +https-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
+dig_with_https_opts -6 +stat +https-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTPS-GET)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
@@ -488,32 +492,36 @@ status=$((status + ret))
 n=$((n + 1))
 echo_i "checking unencrypted DoH query (POST) ($n)"
 ret=0
-dig_with_http_opts @10.53.0.1 . SOA > dig.out.test$n
+dig_with_http_opts +stat @10.53.0.1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTP)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
 n=$((n + 1))
 echo_i "checking unencrypted DoH query via IPv6 (POST) ($n)"
 ret=0
-dig_with_http_opts -6 @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
+dig_with_http_opts -6 +stat @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTP)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
 n=$((n + 1))
 echo_i "checking unencrypted DoH query (GET) ($n)"
 ret=0
-dig_with_http_opts +http-plain-get @10.53.0.1 . SOA > dig.out.test$n
+dig_with_http_opts +stat +http-plain-get @10.53.0.1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTP-GET)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
 n=$((n + 1))
 echo_i "checking unencrypted DoH query via IPv6 (GET) ($n)"
 ret=0
-dig_with_http_opts -6 +http-plain-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
+dig_with_http_opts -6 +stat +http-plain-get @fd92:7065:b8e:ffff::1 . SOA > dig.out.test$n
 grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+grep -F "(HTTP-GET)" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 

From 31435f7bc544e8705c158c23c8fcd87edd43598b Mon Sep 17 00:00:00 2001
From: Artem Boldariev <artem@boldariev.com>
Date: Wed, 17 Aug 2022 13:34:52 +0300
Subject: [PATCH 4/4] Modify CHANGES (+http-plain-{get, post} support fix in
 dig)

This commit modifies the CHANGES file to mention that +http-plain-get
and +http-plain-post options support in dig was fixed.

(cherry picked from commit 0ab40c223b524b2d65a2b67a2eb76f4d63fbfb3e)
---
 CHANGES | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGES b/CHANGES
index 54bd5d6138..5506ab973a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+5944.	[bug]		Fix +http-plain-get and +http-plain-post options
+			support in dig. Thanks to Marco Davids at SIDN for
+			reporting the problem. [GL !6672]
+
 5942.	[bug]		Fix tkey.c:buildquery() function's error handling by
 			adding the missing cleanup code. [GL #3492]