William Lallemand
|
61b6a4da6c
|
REGTESTS: ssl: skip generate-certificates test w/ wolfSSL
WolfSSL does not seem to work correctly with the generate-certificates
features. This patch disables it temporarly.
ssl-max-ver TLSv1.2 seems to be a problem in the reg-test and
wolfSSL but without it it's not able to generate correctly the cert:
*** h1 debug|00000004:clear-lst.accept(0007)=0028 from [127.0.0.1:35956] ALPN=<none>
*** h1 debug|00000004:clear-lst.clireq[0028:ffffffff]: GET / HTTP/1.1
*** h1 debug|00000004:clear-lst.clihdr[0028:ffffffff]: x-sni: unknown-sni.com
*** h1 debug|00000004:clear-lst.clihdr[0028:ffffffff]: host: 127.0.0.1
*** h1 debug|fd[0x29] OpenSSL error[0x13d] : need the private key
*** h1 debug|<134>Sep 20 15:42:58 haproxy[165743]: unix:1 [20/Sep/2023:15:42:58.042] ssl-lst/1: SSL handshake failure (need the private key)
**** dT 1.072
*** h1 debug|fd[0x2a] OpenSSL error[0x13d] : need the private key
*** h1 debug|<134>Sep 20 15:42:59 haproxy[165743]: unix:1 [20/Sep/2023:15:42:59.044] ssl-lst/1: SSL handshake failure (need the private key)
**** dT 2.075
*** h1 debug|fd[0x29] OpenSSL error[0x13d] : need the private key
*** h1 debug|<134>Sep 20 15:43:00 haproxy[165743]: unix:1 [20/Sep/2023:15:43:00.046] ssl-lst/1: SSL handshake failure (need the private key)
**** dT 3.079
*** h1 debug|fd[0x29] OpenSSL error[0x13d] : need the private key
*** h1 debug|<134>Sep 20 15:43:01 haproxy[165743]: unix:1 [20/Sep/2023:15:43:01.050] ssl-lst/1: SSL handshake failure (need the private key)
**** dT 3.080
*** h1 debug|00000004:default_backend.clicls[0028:0023]
*** h1 debug|00000004:default_backend.closed[0028:0023]
*** h1 debug|<134>Sep 20 15:43:01 haproxy[165743]: 127.0.0.1:35956 [20/Sep/2023:15:42:58.042] clear-lst default_backend/s1 0/0/-1/-1/+3009 503 +217 - - SC-- 3/1/0/0/3 0/0 "GET / HTTP/1.1" 0/-/-/-/0 -/-/-
**** c3 rxhdr|HTTP/1.1 503 Service Unavailable\r
**** c3 rxhdr|content-length: 107\r
**** c3 rxhdr|cache-control: no-cache\r
**** c3 rxhdr|content-type: text/html\r
**** c3 rxhdr|\r
|
2023-09-20 16:02:16 +02:00 |
|
Ilya Shipitsin
|
b6189bc268
|
REGTESTS: ssl: fix grep invocation to use extended regex in ssl_generate_certificate.vtc
in 2f2a2884b7 grep should have use regex flag -E, but flag
was lost by mistake
|
2022-08-06 23:24:13 +02:00 |
|
Ilya Shipitsin
|
2f2a2884b7
|
REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
on Ubuntu-22.04 openssl-3.0.5 is shipped which has changed ec curve
description to "Server Temp Key: ECDH, secp384r1, 384 bits"
|
2022-08-06 17:46:10 +02:00 |
|
Ilya Shipitsin
|
0865160b93
|
REGTESTS: ssl: adopt tests to OpenSSL-3.0.N
on Ubuntu-22.04 openssl-3.0.5 is shipped which has changed ec curve
description to "Server Temp Key: ECDH, prime256v1, 256 bits"
|
2022-08-06 17:45:55 +02:00 |
|
Remi Tricot-Le Breton
|
3f269bb370
|
REGTESTS: ssl: Add test for "generate-certificates" SSL option
The 'generate-certificates' bind line option that allows to create
server certificates on-the-fly for newly used SNIs was not tested yet.
|
2022-02-09 12:10:32 +01:00 |
|