REGTESTS: server: test ssl support for dynamic servers
Create a new regtest to test SSL support for dynamic servers. The first step of the test is to create the ca-file via the CLI. Then a dynamic server is created with the ssl option using the ca-file. A client request is made through it to achieve the test.
parent
34897d2eff
commit
0ffad2d76c
|
@ -0,0 +1,63 @@
|
|||
varnishtest "Add server via cli with SSL activated"
|
||||
|
||||
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
|
||||
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
|
||||
feature cmd "command -v socat"
|
||||
feature ignore_unknown_macro
|
||||
|
||||
haproxy h1 -conf {
|
||||
global
|
||||
stats socket "${tmpdir}/h1/stats" level admin
|
||||
|
||||
defaults
|
||||
mode http
|
||||
timeout connect 1s
|
||||
timeout client 1s
|
||||
timeout server 1s
|
||||
|
||||
# proxy to attach a ssl server
|
||||
listen li-ssl
|
||||
bind "fd@${feSsl}"
|
||||
balance random
|
||||
|
||||
# frontend used to respond to ssl connection
|
||||
frontend fe-ssl-term
|
||||
bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem
|
||||
http-request return status 200
|
||||
} -start
|
||||
|
||||
### SSL SUPPORT
|
||||
# 1. first create a ca-file using CLI
|
||||
# 2. create an SSL server and use it
|
||||
|
||||
client c1 -connect ${h1_feSsl_sock} {
|
||||
txreq
|
||||
rxresp
|
||||
expect resp.status == 503
|
||||
} -run
|
||||
|
||||
shell {
|
||||
echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
|
||||
printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" -
|
||||
echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
|
||||
} -run
|
||||
|
||||
haproxy h1 -cli {
|
||||
send "show ssl ca-file common.pem"
|
||||
expect ~ ".*SHA1 FingerPrint: 9A6418E498C43EDBCF5DD3C4C6FCD1EE0D7A946D"
|
||||
}
|
||||
|
||||
haproxy h1 -cli {
|
||||
# non existent backend
|
||||
send "experimental-mode on; add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none"
|
||||
expect ~ "New server registered."
|
||||
|
||||
send "enable server li-ssl/s1"
|
||||
expect ~ ".*"
|
||||
}
|
||||
|
||||
client c2 -connect ${h1_feSsl_sock} {
|
||||
txreq
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
} -run
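Review bot: The `add server li-ssl/s1 ... ssl ca-file common.pem verify none` command attaches the CLI-created ca-file but disables peer verification, so the final `expect resp.status == 200` does not depend on the contents of that CA store. If common.pem can validate the certificate served by fe-ssl-term (it is the same file, which suggests so, but this is not confirmed from the hunk), using `verify required` would make the handshake actually exercise the CA loaded over the CLI. Separately, the comment `# non existent backend` above that command does not match the code, since li-ssl is defined in the configuration; something like `# add an SSL server to the existing li-ssl proxy` would fit. The `expect ~ ".*"` after `enable server li-ssl/s1` matches any output and so asserts nothing.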
|
|
@ -0,0 +1 @@
|
|||
../ssl/common.pem
|