REGTESTS: ssl: Add test for "curves" and "ecdhe" SSL options

The "curves" and the older "ecdhe" SSL options that can be used to define a subset of curves than can be used in an SSL handshake were not tested in a regtest yet.
2025-04-23 15:35:40 +00:00 · 2022-02-08 17:45:55 +01:00 · 2022-02-08 17:45:55 +01:00 · eb561cefd4
commit eb561cefd4
parent ff4c3c4c9e
2 changed files with 162 additions and 0 deletions
--- a/reg-tests/ssl/client.ecdsa.pem
+++ b/reg-tests/ssl/client.ecdsa.pem
@ -0,0 +1,28 @@
 -----BEGIN CERTIFICATE-----
 MIIDPzCCAScCAQQwDQYJKoZIhvcNAQELBQAwPjELMAkGA1UEBhMCRlIxHTAbBgNV
 BAoMFEhBUHJveHkgVGVjaG5vbG9naWVzMRAwDgYDVQQDDAdSb290IENBMB4XDTIx
 MTEzMDExMDIwN1oXDTQ5MDQxNzExMDIwN1owWDELMAkGA1UEBhMCRlIxEzARBgNV
 BAgMClNvbWUtU3RhdGUxHTAbBgNVBAoMFEhBUHJveHkgVGVjaG5vbG9naWVzMRUw
 EwYDVQQDDAxFQ0RTQSBjbGllbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQd
 LnaDhFB0RmWq5WQMdPuFXqjBNZutLQRZ5t+AJ1afpujuwr4G79Q0eZKeYyFHldq5
 PMQDBL69D285AsUbMT42MA0GCSqGSIb3DQEBCwUAA4ICAQACnqZefAYCf51Pxhwp
 NElVCzLFcrNfMnCcOxHkuaWjdWbKZi+G4PNIT0ghWgX4k5Gzjx6cVjNmWVkLnJxg
 r6fL31u+Edl9BLr6KKrh830EOK7jN62zySFVjd9sqqBPiEBnT+3OCI9sXWXWg5nB
 B00E6Ll2axwEVrQFIVYnTPC8CJyDvF1t1Jmw/caaiWWVVoUu7Zoq1kVzMCuj7aCO
 BmhvDh237+Cjkly829/Q41aKVBSQ6yDsds4uNceOpAcXOQ8A5ZXa2yearIttvvAz
 LHvXcJZD3h/23mnLQZWo3YisQb3u7O9iIpIXdxpbVHtJ6JvshmiFHTCNB9KG+q2W
 CltrL8lYu2bWzNT8CPJRa5CsFyolIi5fEOfVOWLHKYkOgb9h2hiI9hT9Ujg5H1vM
 d7AeqE+frF5dzxslcQ/wLQoUc+v4bfhh3ffeAdNul8bydoSu3Lq1nXWchNkE6rcg
 pN2uD0eLC1hAXvxi6kQPlutmFJ8yXHySEA5uCek2Kf7dxudqIRKShT7aDVw6pd6R
 ShX4dXTGEO4eBxTcooK4mYQhf+ivyTxfkACnML85C84hXPSoIffMk+Y+PMfNgW/2
 9OH6IwEq7+dSSsAlYweGnqznPCyVfpesMaQCoG3l+5Ciznt5/WA4Mh5HzLE2PE15
 VTEdimSkNohOKYdqQHA3mcH3Dg==
 -----END CERTIFICATE-----
 -----BEGIN EC PARAMETERS-----
 BggqhkjOPQMBBw==
 -----END EC PARAMETERS-----
 -----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIAe2GvrgpqaNk1wzyawK9CJYQz4lTVLDyf5MtbDDMYrcoAoGCCqGSM49
 AwEHoUQDQgAEHS52g4RQdEZlquVkDHT7hV6owTWbrS0EWebfgCdWn6bo7sK+Bu/U
 NHmSnmMhR5XauTzEAwS+vQ9vOQLFGzE+Ng==
 -----END EC PRIVATE KEY-----
--- a/reg-tests/ssl/ssl_curves.vtc
+++ b/reg-tests/ssl/ssl_curves.vtc
@ -0,0 +1,134 @@
 #REGTEST_TYPE=devel
 # This reg-test checks the behaviour of the 'curves' and 'ecdhe' options on a
 # bind line.  Its main point is to ensure that the default curve used in
 # HAProxy is indeed prime256v1 (or P-256 depending on the curve's
 # representation). In order to check this, is uses two ssl frontends that have
 # different lists of accepted curves, one of them accepting this default curve
 # while the other one does not. A backend tries to connect to those two
 # frontends by using the default curve, and it should succeed in one case and
 # fail in the other.
 # For some strange reason, OpenSSL 1.0.2 does not behave the same way as later
 # versions when it comes to ECDH and curves related matters. Instead of trying
 # to make it work the same way as the other (more used) versions, we will
 # ignore it and disable this test on OpenSSL 1.0.2.
 # For the same reason, this test is disabled for other SSL libraries as well.
 #
 varnishtest "Test the 'curves' and 'ecdhe' options and default curve value"
 feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"
 feature ignore_unknown_macro
 server s1 -repeat 2 {
  rxreq
  txresp
 } -start
 barrier b1 cond 2 -cyclic
 syslog Slg_cust_fmt -level info {
    recv
    expect ~ "ERROR.*conn_status:\"34:SSL handshake failure\" hsk_err:\".*wrong curve\".*"
    barrier b1 sync
    recv
    expect ~ "ERROR ECDHE.*conn_status:\"34:SSL handshake failure\" hsk_err:\".*wrong curve\".*"
 } -start
 haproxy h1 -conf {
    global
        tune.ssl.default-dh-param 2048
    defaults
        mode http
        option httpslog
        log stderr local0 debug err
        option logasap
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
        retries 0
    listen clear-lst
        bind "fd@${clearlst}"
        use_backend ssl-curves-be if { path /curves }
        use_backend ssl-ecdhe-521-be if { path /ecdhe-521 }
        use_backend ssl-ecdhe-256-be if { path /ecdhe-256 }
        default_backend ssl-be
    backend ssl-be
        server s1 "${tmpdir}/ssl1.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12
    backend ssl-curves-be
        server s1 "${tmpdir}/ssl2.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12
    backend ssl-ecdhe-256-be
        server s1 "${tmpdir}/ssl-ecdhe-256.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12
    backend ssl-ecdhe-521-be
        server s1 "${tmpdir}/ssl-ecdhe-521.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12
    listen ssl1-lst
        bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves P-256:P-384
        server s1 ${s1_addr}:${s1_port}
    # The prime256v1 curve, which is used by default by a backend when no
    # 'curves' or 'ecdhe' option is specified, is not allowed on this listener
    listen ssl2-lst
        log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
        error-log-format "ERROR conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"
        bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves P-384
        server s1 ${s1_addr}:${s1_port}
    listen ssl-ecdhe-521-lst
        log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
        error-log-format "ERROR ECDHE-521 conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"
        bind "${tmpdir}/ssl-ecdhe-521.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe secp521r1
        server s1 ${s1_addr}:${s1_port}
    listen ssl-ecdhe-256-lst
        log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
        error-log-format "ERROR ECDHE-256 conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"
        bind "${tmpdir}/ssl-ecdhe-256.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe prime256v1
        server s1 ${s1_addr}:${s1_port}
 } -start
 client c1 -connect ${h1_clearlst_sock} {
  txreq
  rxresp
  expect resp.status == 200
 } -run
 # The backend tries to use the prime256v1 curve that is not accepted by the
 # frontend so the handshake should fail.
 client c2 -connect ${h1_clearlst_sock} {
  txreq -url "/curves"
  rxresp
  expect resp.status == 503
 } -run
 barrier b1 sync
 # The backend tries to use the prime256v1 curve that is not accepted by the
 # frontend so the handshake should fail.
 client c3 -connect ${h1_clearlst_sock} {
  txreq -url "/ecdhe-521"
  rxresp
  expect resp.status == 503
 } -run
 client c4 -connect ${h1_clearlst_sock} {
  txreq -url "/ecdhe-256"
  rxresp
  expect resp.status == 200
 } -run
 syslog Slg_cust_fmt -wait