RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

REGTESTS: set_ssl_server_cert: cleanup the SSL caching option 

Replace the tune.ssl.cachesize 0 and the no-tls-tickets by a
no-ssl-reuse option on the server line.
This commit is contained in:
William Lallemand 2021-02-01 14:57:31 +01:00
parent a870a9cfdb
commit ff97edac3e
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
reg-tests/ssl/set_ssl_server_cert.vtc
View File

@ -20,7 +20,6 @@ haproxy h1 -conf {
tune.ssl.capture-cipherlist-size 1
stats socket "${tmpdir}/h1/stats" level admin
nbthread 1
tune.ssl.cachesize 0
defaults
mode http
@ -35,13 +34,13 @@ haproxy h1 -conf {
listen clear-lst
bind "fd@${clearlst}"
retries 0 # 2nd SSL connection must fail so skip the retry
server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client1.pem
server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client1.pem no-ssl-reuse
listen ssl-lst
# crt: certificate of the server
# ca-file: CA used for client authentication request
# crl-file: revocation list for client auth: the client1 certificate is revoked
bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err all crl-file ${testdir}/crl-auth.pem no-tls-tickets
bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err all crl-file ${testdir}/crl-auth.pem
acl cert_expired ssl_c_verify 10
acl cert_revoked ssl_c_verify 23