mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-24 06:22:44 +00:00
REGTESTS: add a new "ssl_alpn" test to test ALPN negotiation
This teg-test verifies that different ALPN values on the "server" line will negotiate the expected protocol depending on the ALPN "bind" line.
This commit is contained in:
parent
158c18e85a
commit
2e3c04a7c7
212
reg-tests/ssl/ssl_alpn.vtc
Normal file
212
reg-tests/ssl/ssl_alpn.vtc
Normal file
@ -0,0 +1,212 @@
|
||||
#REGTEST_TYPE=devel
|
||||
|
||||
# This teg-test verifies that different ALPN values on the "server" line
|
||||
# will negotiate the expected protocol depending on the ALPN "bind" line.
|
||||
# It requires OpenSSL >= 1.0.2 for ALPN
|
||||
|
||||
varnishtest "Test the bind 'alpn' setting"
|
||||
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev7)'"
|
||||
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.0.2)'"
|
||||
feature ignore_unknown_macro
|
||||
|
||||
haproxy h1 -conf {
|
||||
global
|
||||
tune.ssl.default-dh-param 2048
|
||||
|
||||
defaults
|
||||
mode http
|
||||
option httplog
|
||||
log stderr local0 debug err
|
||||
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
||||
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
||||
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
||||
|
||||
listen px-clr
|
||||
bind "fd@${clearfe}"
|
||||
default-server ssl verify none
|
||||
|
||||
# first digit select the alpn sent by the client, second digit, the server one
|
||||
use-server s00 if { path /00 }
|
||||
server s00 "${tmpdir}/ssl0.sock"
|
||||
use-server s01 if { path /01 }
|
||||
server s01 "${tmpdir}/ssl1.sock"
|
||||
use-server s02 if { path /02 }
|
||||
server s02 "${tmpdir}/ssl2.sock"
|
||||
use-server s03 if { path /03 }
|
||||
server s03 "${tmpdir}/ssl3.sock"
|
||||
use-server s04 if { path /04 }
|
||||
server s04 "${tmpdir}/ssl4.sock"
|
||||
|
||||
use-server s10 if { path /10 }
|
||||
server s10 "${tmpdir}/ssl0.sock" alpn http/1.1
|
||||
use-server s11 if { path /11 }
|
||||
server s11 "${tmpdir}/ssl1.sock" alpn http/1.1
|
||||
use-server s12 if { path /12 }
|
||||
server s12 "${tmpdir}/ssl2.sock" alpn http/1.1
|
||||
use-server s13 if { path /13 }
|
||||
server s13 "${tmpdir}/ssl3.sock" alpn http/1.1
|
||||
use-server s14 if { path /14 }
|
||||
server s14 "${tmpdir}/ssl4.sock" alpn http/1.1
|
||||
|
||||
use-server s20 if { path /20 }
|
||||
server s20 "${tmpdir}/ssl0.sock" alpn h2
|
||||
use-server s21 if { path /21 }
|
||||
server s21 "${tmpdir}/ssl1.sock" alpn h2
|
||||
use-server s22 if { path /22 }
|
||||
server s22 "${tmpdir}/ssl2.sock" alpn h2
|
||||
use-server s23 if { path /23 }
|
||||
server s23 "${tmpdir}/ssl3.sock" alpn h2
|
||||
use-server s24 if { path /24 }
|
||||
server s24 "${tmpdir}/ssl4.sock" alpn h2
|
||||
|
||||
use-server s30 if { path /30 }
|
||||
server s30 "${tmpdir}/ssl0.sock" alpn h2,http/1.1
|
||||
use-server s31 if { path /31 }
|
||||
server s31 "${tmpdir}/ssl1.sock" alpn h2,http/1.1
|
||||
use-server s32 if { path /32 }
|
||||
server s32 "${tmpdir}/ssl2.sock" alpn h2,http/1.1
|
||||
use-server s33 if { path /33 }
|
||||
server s33 "${tmpdir}/ssl3.sock" alpn h2,http/1.1
|
||||
use-server s34 if { path /34 }
|
||||
server s34 "${tmpdir}/ssl4.sock" alpn h2,http/1.1
|
||||
|
||||
frontend fe-ssl
|
||||
bind "${tmpdir}/ssl0.sock" ssl crt ${testdir}/common.pem
|
||||
bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem alpn http/1.1
|
||||
bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem alpn h2
|
||||
bind "${tmpdir}/ssl3.sock" ssl crt ${testdir}/common.pem alpn h2,http/1.1
|
||||
bind "${tmpdir}/ssl4.sock" ssl crt ${testdir}/common.pem no-alpn
|
||||
http-request return status 200 hdr x-alpn _%[ssl_fc_alpn] hdr x-path %[path] hdr x-ver _%[req.ver]
|
||||
} -start
|
||||
|
||||
# client sends no alpn
|
||||
client c1 -connect ${h1_clearfe_sock} {
|
||||
txreq -url "/00"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/01"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/02"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/03"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/04"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
} -run
|
||||
|
||||
# client sends alpn=http/1.1
|
||||
client c1 -connect ${h1_clearfe_sock} {
|
||||
txreq -url "/10"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/11"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_http/1.1"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/12"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/13"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_http/1.1"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/14"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
} -run
|
||||
|
||||
# client sends alpn=h2
|
||||
client c1 -connect ${h1_clearfe_sock} {
|
||||
txreq -url "/20"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/21"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/22"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_h2"
|
||||
expect resp.http.x-ver == "_2.0"
|
||||
|
||||
txreq -url "/23"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_h2"
|
||||
expect resp.http.x-ver == "_2.0"
|
||||
|
||||
txreq -url "/24"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
} -run
|
||||
|
||||
# client sends alpn=h2,http/1.1
|
||||
client c1 -connect ${h1_clearfe_sock} {
|
||||
txreq -url "/30"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/31"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_http/1.1"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
|
||||
txreq -url "/32"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_h2"
|
||||
expect resp.http.x-ver == "_2.0"
|
||||
|
||||
txreq -url "/33"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_h2"
|
||||
expect resp.http.x-ver == "_2.0"
|
||||
|
||||
txreq -url "/34"
|
||||
rxresp
|
||||
expect resp.status == 200
|
||||
expect resp.http.x-alpn == "_"
|
||||
expect resp.http.x-ver == "_1.1"
|
||||
} -run
|
Loading…
Reference in New Issue
Block a user