mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-26 22:52:13 +00:00
00b7b49a46
Adds a new sample fetch method to get the curve name used in the key agreement to enable better observability. In OpenSSLv3, the function `SSL_get_negotiated_group` returns the NID of the curve and from the NID, we get the curve name by passing the NID to OBJ_nid2sn. This was not available in v1.1.1. SSL_get_curve_name(), which returns the curve name directly was merged into OpenSSL master branch last week but will be available only in its next release.
52 lines
1.4 KiB
Plaintext
52 lines
1.4 KiB
Plaintext
#REGTEST_TYPE=devel
|
|
|
|
varnishtest "Test the ssl_fc_curve/ssl_bc_curve sample fetches"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(3.0.0)'"
|
|
feature ignore_unknown_macro
|
|
|
|
server s1 -repeat 3 {
|
|
rxreq
|
|
txresp
|
|
} -start
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
tune.ssl.default-dh-param 2048
|
|
tune.ssl.capture-buffer-size 1
|
|
crt-base ${testdir}
|
|
|
|
defaults
|
|
mode http
|
|
option httplog
|
|
log stderr local0 debug err
|
|
option logasap
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
|
|
listen clear-lst
|
|
bind "fd@${clearlst}"
|
|
balance roundrobin
|
|
http-response add-header x-ssl-bc-curve-name %[ssl_bc_curve]
|
|
server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client.ecdsa.pem
|
|
|
|
listen ssl-lst
|
|
mode http
|
|
http-response add-header x-ssl-fc-curve-name %[ssl_fc_curve]
|
|
bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves X25519:P-256:P-384
|
|
|
|
server s1 ${s1_addr}:${s1_port}
|
|
} -start
|
|
|
|
|
|
client c1 -connect ${h1_clearlst_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
expect resp.http.x-ssl-fc-curve-name == "X25519"
|
|
expect resp.http.x-ssl-bc-curve-name == "X25519"
|
|
|
|
} -run
|
|
|