Commit 0623a390 authored by Alexandre's avatar Alexandre

Merge branch 'master' into streams

parents 4701e4b0 2244deb3
......@@ -245,8 +245,15 @@ class Request:
class RequestDoT(Request):
def check_response(self):
ok = self.ok
if not self.rcode:
self.ok = False
return False
if self.response.id != self.message.id:
raise Exception("The ID in the answer does not match the one in the query")
self.response = "The ID in the answer does not match the one in the query"
self.ok = False
return False
return self.ok
class RequestDoH(Request):
......@@ -311,6 +318,7 @@ class Connection:
self.insecure = insecure
self.forceIPv4 = forceIPv4
self.forceIPv6 = forceIPv6
self.connect_to = connect
def __str__(self):
return self.server
......@@ -384,6 +392,10 @@ class ConnectionDoT(Connection):
if self.verbose:
print("Cannot connect")
return False
except OpenSSL.SSL.Error as e:
if self.verbose:
print(f"OpenSSL error: {', '.join(err[0][2] for err in e.args)}")
return False
# RFC 7858, section 4.2 and appendix A
self.cert = self.session.get_peer_certificate()
self.publickey = self.cert.get_pubkey()
......@@ -618,7 +630,7 @@ def print_result(connection, request, prefix=None, display_err=True):
ok = False
print("%s Cannot find \"%s\" in response" % (server, expect))
sys.exit(STATE_CRITICAL)
if size is not None and size > 0:
if ok and size is not None and size > 0:
print("%s OK - %s" % (server, "No error for %s/%s, %i bytes received" % (name, rtype, size)))
else:
print("%s OK - %s" % (server, "No error"))
......@@ -626,6 +638,8 @@ def print_result(connection, request, prefix=None, display_err=True):
else:
if not monitoring:
if display_err:
if check:
print(connection.connect_to, end=': ', file=sys.stderr)
if prefix:
print(prefix, end=': ', file=sys.stderr)
if dot:
......@@ -687,7 +701,9 @@ def run_check_default(connection):
test_name, request, method, mandatory = request_pack
if verbose:
print(test_name)
if not dot:
if dot:
bundle = request
else:
if method == DOH_POST:
request.post = True
elif method == DOH_HEAD:
......@@ -695,8 +711,6 @@ def run_check_default(connection):
handle = connection.curl_handle
handle.prepare(handle, connection, request)
bundle = handle
else:
bundle = request
try:
connection.send_and_receive(bundle)
except CustomException as e:
......@@ -757,9 +771,22 @@ def run_check_trunc(connection):
error(e)
except OpenSSL.SSL.ZeroReturnError: # This is acceptable
return ok
request.check_response()
if print_result(connection, request, prefix=test_name, display_err=False): # The test must fail, or returns FORMERR.
ok = (request.rcode == dns.rcode.FORMERR)
except dns.exception.FormError: # This is also acceptable
# Some DSN resolvers will echo mangled requests with
# the RCODE set to FORMERR
# so response can not be parsed in this case
return ok
if request.check_response(): # FORMERR is expected
if dot:
ok = request.rcode == dns.rcode.FORMERR
else:
ok = (request.response.rcode() == dns.rcode.FORMERR)
else:
if dot:
ok = False
else: # a 400 response's status is acceptable
ok = (request.rcode >= 400 and request.rcode < 500)
print_result(connection, request, prefix=test_name, display_err=not ok)
return ok
def run_check_additionals(connection):
......
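Review bot: The new `except OpenSSL.SSL.Error` handler in ConnectionDoT can itself raise while building its message, because `err[0][2] for err in e.args` assumes every argument is a list of (lib, func, reason) tuples. pyOpenSSL subclasses such as `SysCallError` carry `(errno, message)` instead, so indexing the integer would raise TypeError and mask the original TLS failure; the expression also reports only the first queued error. Something like `reasons = [r[2] for a in e.args if isinstance(a, list) for r in a]` followed by `print(f"OpenSSL error: {', '.join(reasons) or e}")` keeps the 'certificate verify failed' text and degrades safely. A rejected server certificate is otherwise reduced to `return False` and shown only under `verbose`, so consider reporting it even without `-v`. The enclosing `try` starts outside the hunk.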
......@@ -10,6 +10,8 @@ config:
- "check: test related to the compliance option --check"
- "forceIPv4: test using the option -4"
- "forceIPv6: test using the option -6"
- "fail: mark test with a resolver currently failing our tests"
- "slow: test that need time to run"
tests:
- exe: './homer.py'
......@@ -66,7 +68,6 @@ tests:
- 'https://doh.bortzmeyer.fr/'
- 'ressources-pedagogiques.org'
retcode: 0
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
......@@ -94,7 +95,7 @@ tests:
- 'https://doh.42l.fr/dns-query'
- 'ressources-pedagogiques.org'
retcode: 1
stderr: "Test HEAD: HTTP error 405: [No details]\n"
partstderr: "Test HEAD: HTTP error 405: [No details]\n"
stdout: "KO\n"
- exe: './homer.py'
......@@ -111,6 +112,33 @@ tests:
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
name: "[doh][check] Successcul check"
markers:
- 'doh'
- 'check'
args:
- '--check'
- 'https://dns.google/dns-query'
- 'framagit.org'
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
name: "[doh][fail][check] 502 Bad Gateway"
markers:
- 'doh'
- 'check'
- 'fail'
- 'slow'
timeout: 10
args:
- '--check'
- 'https://doh.42l.fr/dns-query'
- 'framagit.org'
partstderr: 'Test truncated data: HTTP error 502'
stdout: "KO\n"
- exe: './homer.py'
name: '[doh][check] Test that all the resolved IPs are tried, try a first IP'
markers:
......@@ -283,6 +311,7 @@ tests:
markers:
- 'dot'
- 'check'
- 'slow'
args:
- '-k'
- '--check'
......@@ -297,6 +326,7 @@ tests:
markers:
- 'dot'
- 'check'
- 'slow'
args:
- '-k'
- '--check'
......@@ -429,6 +459,7 @@ tests:
name: '[dot] Loop on all ips on connection error (brok.sources.org)'
markers:
- 'dot'
- 'slow'
timeout: 6
args:
- '--dot'
......@@ -444,6 +475,7 @@ tests:
markers:
- 'dot'
- 'forceIPv6'
- 'slow'
timeout: 6
args:
- '-6'
......@@ -496,6 +528,34 @@ tests:
retcode: 1
partstderr: 'Key error'
- exe: './homer.py'
name: '[dot][check] Resolver returning a malformed DNS message'
markers:
- 'dot'
- 'check'
- 'exception'
args:
- '--dot'
- '--check'
- 'dns.digitale-gesellschaft.ch'
- 'framagit.org'
retcode: 0
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
name: '[dot][fail] Resolver with an invalid certificate'
markers:
- 'dot'
- 'fail'
args:
- '--dot'
- '-v'
- 'ns0.ldn-fai.net'
- 'framagit.org'
retcode: 1
partstdout: 'certificate verify failed'
################################################################################
# check_dot
......
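Review bot: The two new DoH `--check` tests ('Successcul check' and '502 Bad Gateway') declare no `retcode`, unlike the neighbouring entries, so the exit status of `homer.py` may go unasserted depending on the harness default; add `retcode: 0` and `retcode: 1` respectively if that matches the intended result. The `exception` marker used by the malformed-DNS-message test is not among the markers visible in the `config:` hunk, so confirm it is declared there. The name 'Successcul check' should read 'Successful check'. The `fail` tests pin the current misbehaviour of third-party resolvers (HTTP 502, invalid certificate), so they will break once those operators fix their servers; a comment beside each saying what to do then would help.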