From e903ce1f3e46ef87800539462e0549181e37e456 Mon Sep 17 00:00:00 2001 From: Artem Boldariev Date: Fri, 9 Dec 2022 18:47:07 +0200 Subject: [PATCH] Extend the 'doth' system test with a Mutual TLS resumption check This commit adds a simple check to the 'doth' system test which ensures that session resumption when Mutual TLS is used works as expected. (cherry picked from commit d5d31c6ba15b42f797a8dab341a97f8f0f6aca1b) --- bin/tests/system/doth/tests.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh index 920d6af214..d22f0ef649 100644 --- a/bin/tests/system/doth/tests.sh +++ b/bin/tests/system/doth/tests.sh @@ -776,6 +776,16 @@ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status + ret)) +# send two requests one after another so that session resumption will happen +n=$((n + 1)) +echo_i "checking DoH query (client certificate used - session resumption when using Mutual TLS) ($n)" +ret=0 +# shellcheck disable=SC2086 +dig_with_https_opts +https +tls-ca="$ca_file" +tls-certfile="./CA/certs/srv01.client01.example.com.pem" +tls-keyfile="./CA/certs/srv01.client01.example.com.key" -p "${EXTRAPORT6}" +comm @10.53.0.1 . SOA . SOA > dig.out.test$n +grep "TLS error" dig.out.test$n > /dev/null && ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status + ret)) + test_opcodes() { EXPECT_STATUS="$1" shift