haproxy/reg-tests
William Lallemand 2c776f1c30 BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server
This bug was introduced by d817dc73 ("MEDIUM: ssl: Load client
certificates in a ckch for backend servers") in which the creation of
the SSL_CTX for a server was moved to the configuration parser when
using a "crt" keyword instead of being done in ssl_sock_prepare_srv_ctx().

The patch 0498fa40 ("BUG/MINOR: ssl: Default-server configuration ignored by
server") made it worse by setting the same SSL_CTX for every servers
using a default-server. Resulting in any SSL option on a server applied
to every server in its backend.

This patch fixes the issue by reintroducing a string which store the
path of certificate inside the server structure, and loading the
certificate in ssl_sock_prepare_srv_ctx() again.

This is a quick fix to backport, a cleaner way can be achieve by always
creating the SSL_CTX in ssl_sock_prepare_srv_ctx() and splitting
properly the ssl_sock_load_srv_cert() function.

This patch fixes issue #1488.

Must be backported as far as 2.4.
2021-12-29 14:42:16 +01:00
..
balance REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
cache REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
checks REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
compression REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
connection REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
contrib REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
converter REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
filters REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
http-capture REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
http-cookies REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
http-errorfiles REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
http-messaging REGTESTS: h1: Add a script to validate H1 splicing support 2021-12-01 11:47:08 +01:00
http-rules REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
http-set-timeout REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
jwt REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
log REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
lua BUG/MINOR: httpclient: allow to replace the host header 2021-11-24 15:44:36 +01:00
mailers REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests 2021-06-11 19:21:28 +02:00
mcli REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
peers REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
sample_fetches REGTESTS: vars: Remove useless ssl tunes from conditional set-var test 2021-12-20 11:41:13 +01:00
seamless-reload REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
server BUG/MINOR: server: Don't rely on last default-server to init server SSL context 2021-12-01 11:47:08 +01:00
spoe REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
ssl BUG/MEDIUM: ssl: initialize correctly ssl w/ default-server 2021-12-29 14:42:16 +01:00
startup REGTESTS: Use feature cmd for 2.5+ tests (2) 2021-11-05 08:27:32 +01:00
stick-table REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
stickiness REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
stream REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
tcp-rules REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00
webstats REGTESTS: Remove REQUIRE_VERSION=1.6 from all tests 2021-06-11 19:21:28 +02:00
README REGTESTS: extend the default I/O timeouts and make them overridable 2021-11-18 17:57:11 +01:00

                 * Regression testing for HAProxy with VTest *


This little README file is about how to compile and run vtest test case files (VTC files)
to test HAProxy for any regression.

To do so, you will have to compile vtest program sources which depends on
Varnish cache application sources. vtest, formerly varnishtest, is a very useful
program which has been developed to test Varnish cache application. vtest has been
modified in collaboration with Varnish cache conceptor Poul-Henning Kamp to support
HAProxy in addition to Varnish cache.

See also: doc/regression-testing.txt

* vtest compilation *

    $ git clone https://github.com/vtest/VTest

    $ cd VTest

    $ make vtest

  Then vtest program may be found at the root directory of vtest sources directory.
  The Varnish cache manuals are located in 'man' directory of Varnish cache sources
  directory. You will have to have a look at varnishtest(7) and vtc(7) manuals to
  use vtest.

  Some information may also be found in doc/regression-testing.txt in HAProxy
  sources.

  Note that VTC files for Varnish cache may be found in bin/varnishtest/tests directory
  of Varnish cache sources directory which may be found here:
  https://github.com/varnishcache/varnish-cache


* vtest execution *

  You must set HAPROXY_PROGRAM environment variable to give the location
  of the HAProxy program to test to vtest:

    $ HAPROXY_PROGRAM=<my haproxy program> vtest ...

  The HAProxy VTC files found in HAProxy sources may be run with the reg-tests
  Makefile target. You must set the VTEST_PROGRAM environment variable to
  give the location of the vtest program which has been previously compiled.

    $ VTEST_PROGRAM=<my vtest program> make reg-tests

  "reg-tests" Makefile target run scripts/run-regtest.sh script.
  To get more information about this script run it with --help option.

  Note that vtest is run with -t10 and -l option. -l option is to keep
  keep vtest temporary directory in case of failed test cases. core files
  may be found in this directory (if enabled by ulimit).


* vtest patches for HAProxy VTC files *

  When producing a patch to add a VTC regression testing file to reg-tests directory,
  please follow these simple rules:

    - If your VTC file needs others files, if possible, use the same basename as that
      of the VTC file,
    - Put these files in a directory with the same name as the code area concerned
      by the bug ('peers', 'lua', 'acl' etc).

Please note that most tests use a common set of timeouts defined by the
environment variable HAPROXY_TEST_TIMEOUT. As much as possible, for regular I/O
(i.e. not errors), please try to reuse that setting so that the value may
easily be adjusted when running in some particularly slow environments, or be
shortened to fail faster on developers' machines.