#REGTEST_TYPE=devel # This teg-test verifies that different ALPN values on the "server" line # will negotiate the expected protocol depending on the ALPN "bind" line. # It requires OpenSSL >= 1.0.2 for ALPN varnishtest "Test the bind 'alpn' setting" feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev7)'" feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.0.2)'" feature ignore_unknown_macro haproxy h1 -conf { global .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 .endif defaults mode http option httplog log stderr local0 debug err timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" timeout client "${HAPROXY_TEST_TIMEOUT-5s}" timeout server "${HAPROXY_TEST_TIMEOUT-5s}" listen px-clr bind "fd@${clearfe}" default-server ssl verify none # first digit select the alpn sent by the client, second digit, the server one use-server s00 if { path /00 } server s00 "${tmpdir}/ssl0.sock" use-server s01 if { path /01 } server s01 "${tmpdir}/ssl1.sock" use-server s02 if { path /02 } server s02 "${tmpdir}/ssl2.sock" use-server s03 if { path /03 } server s03 "${tmpdir}/ssl3.sock" use-server s04 if { path /04 } server s04 "${tmpdir}/ssl4.sock" use-server s10 if { path /10 } server s10 "${tmpdir}/ssl0.sock" alpn http/1.1 use-server s11 if { path /11 } server s11 "${tmpdir}/ssl1.sock" alpn http/1.1 use-server s12 if { path /12 } server s12 "${tmpdir}/ssl2.sock" alpn http/1.1 use-server s13 if { path /13 } server s13 "${tmpdir}/ssl3.sock" alpn http/1.1 use-server s14 if { path /14 } server s14 "${tmpdir}/ssl4.sock" alpn http/1.1 use-server s20 if { path /20 } server s20 "${tmpdir}/ssl0.sock" alpn h2 use-server s21 if { path /21 } server s21 "${tmpdir}/ssl1.sock" alpn h2 use-server s22 if { path /22 } server s22 "${tmpdir}/ssl2.sock" alpn h2 use-server s23 if { path /23 } server s23 "${tmpdir}/ssl3.sock" alpn h2 use-server s24 if { path /24 } server s24 "${tmpdir}/ssl4.sock" alpn h2 use-server s30 if { path /30 } server s30 "${tmpdir}/ssl0.sock" alpn h2,http/1.1 use-server s31 if { path /31 } server s31 "${tmpdir}/ssl1.sock" alpn h2,http/1.1 use-server s32 if { path /32 } server s32 "${tmpdir}/ssl2.sock" alpn h2,http/1.1 use-server s33 if { path /33 } server s33 "${tmpdir}/ssl3.sock" alpn h2,http/1.1 use-server s34 if { path /34 } server s34 "${tmpdir}/ssl4.sock" alpn h2,http/1.1 frontend fe-ssl bind "${tmpdir}/ssl0.sock" ssl crt ${testdir}/common.pem bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem alpn http/1.1 bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem alpn h2 bind "${tmpdir}/ssl3.sock" ssl crt ${testdir}/common.pem alpn h2,http/1.1 bind "${tmpdir}/ssl4.sock" ssl crt ${testdir}/common.pem no-alpn http-request return status 200 hdr x-alpn _%[ssl_fc_alpn] hdr x-path %[path] hdr x-ver _%[req.ver] } -start # client sends no alpn client c1 -connect ${h1_clearfe_sock} { txreq -url "/00" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" txreq -url "/01" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" txreq -url "/02" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" txreq -url "/03" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" txreq -url "/04" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" } -run # client sends alpn=http/1.1 client c1 -connect ${h1_clearfe_sock} { txreq -url "/10" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_http/1.1" expect resp.http.x-ver == "_1.1" txreq -url "/11" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_http/1.1" expect resp.http.x-ver == "_1.1" txreq -url "/12" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" txreq -url "/13" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_http/1.1" expect resp.http.x-ver == "_1.1" txreq -url "/14" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" } -run # client sends alpn=h2 client c1 -connect ${h1_clearfe_sock} { txreq -url "/20" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_h2" expect resp.http.x-ver == "_2.0" txreq -url "/21" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" txreq -url "/22" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_h2" expect resp.http.x-ver == "_2.0" txreq -url "/23" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_h2" expect resp.http.x-ver == "_2.0" txreq -url "/24" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" } -run # client sends alpn=h2,http/1.1 client c1 -connect ${h1_clearfe_sock} { txreq -url "/30" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_h2" expect resp.http.x-ver == "_2.0" txreq -url "/31" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_http/1.1" expect resp.http.x-ver == "_1.1" txreq -url "/32" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_h2" expect resp.http.x-ver == "_2.0" txreq -url "/33" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_h2" expect resp.http.x-ver == "_2.0" txreq -url "/34" rxresp expect resp.status == 200 expect resp.http.x-alpn == "_" expect resp.http.x-ver == "_1.1" } -run