62 lines
1.8 KiB
Plaintext
62 lines
1.8 KiB
Plaintext
#commit b406b87
|
|
# BUG/MEDIUM: connection: don't store recv() result into trash.data
|
|
#
|
|
# Cyril Bonté discovered that the proxy protocol randomly fails since
|
|
# commit 843b7cb ("MEDIUM: chunks: make the chunk struct's fields match
|
|
# the buffer struct"). This is because we used to store recv()'s return
|
|
# code into trash.data which is now unsigned, so it never compares as
|
|
# negative against 0. Let's clean this up and test the result itself
|
|
# without storing it first.
|
|
|
|
varnishtest "PROXY protocol random failures"
|
|
#REQUIRE_OPTIONS=OPENSSL
|
|
|
|
feature ignore_unknown_macro
|
|
|
|
#REGTEST_TYPE=broken
|
|
|
|
syslog Slog_1 -repeat 8 -level info {
|
|
recv
|
|
expect ~ "Connect from .* to ${h1_ssl_addr}:${h1_ssl_port}"
|
|
recv
|
|
expect ~ "ssl-offload-http/http .* \"POST (https://.*:${h1_ssl_port})?/[1-8] HTTP/(2\\.0|1\\.1)\""
|
|
} -start
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
.if !ssllib_name_startswith(AWS-LC)
|
|
tune.ssl.default-dh-param 2048
|
|
.endif
|
|
log ${Slog_1_addr}:${Slog_1_port} len 2048 local0 debug err
|
|
|
|
defaults
|
|
mode http
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
log global
|
|
|
|
listen http
|
|
bind unix@"${tmpdir}/http.socket" accept-proxy name ssl-offload-http
|
|
option forwardfor
|
|
|
|
listen ssl-offload-http
|
|
option httplog
|
|
bind "fd@${ssl}" ssl crt ${testdir}/common.pem ssl no-sslv3 alpn h2,http/1.1
|
|
server http unix@"${tmpdir}/http.socket" send-proxy
|
|
} -start
|
|
|
|
|
|
shell {
|
|
HOST=${h1_ssl_addr}
|
|
if [ "$HOST" = "::1" ] ; then
|
|
HOST="\[::1\]"
|
|
fi
|
|
for i in 1 2 3 4 5 6 7 8 ; do
|
|
urls="$urls https://$HOST:${h1_ssl_port}/$i"
|
|
done
|
|
curl -i -k -d 'x=x' $urls & wait $!
|
|
}
|
|
|
|
syslog Slog_1 -wait
|