haproxy/reg-tests/ssl/issuers_chain_path.vtc

41 lines
1.2 KiB
Plaintext
Raw Normal View History

#REGTEST_TYPE=bug
# This reg-test checks if the 'issuers-chain-path' work correctly
#
varnishtest "Test the issuers-chain-path keyword"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.1.1)'"
feature cmd "command -v openssl && command -v socat"
feature ignore_unknown_macro
haproxy h1 -conf {
global
stats socket "${tmpdir}/h1/stats" level admin
issuers-chain-path "${testdir}/issuers-chain-path/ca/"
crt-base "${testdir}/issuers-chain-path"
defaults
mode http
option httplog
log stderr local0 debug err
option logasap
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend ssl-fe
bind "${tmpdir}/ssl.sock" ssl crt server.pem
http-request return status 200
} -start
# We should have two distinct ocsp responses known that were loaded at build time
haproxy h1 -cli {
send "show ssl cert ${testdir}/issuers-chain-path/server.pem"
expect ~ ".*Chain Filename.*"
send "show ssl cert ${testdir}/issuers-chain-path/server.pem"
expect ~ ".*Chain Subject.*"
}
haproxy h1 -wait