mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-19 10:14:41 +00:00
f673923629
With the CI occasionally slowing down, we're starting to see again some spurious failures despite the long 1-second timeouts. This reports false positives that are disturbing and doesn't provide as much value as this could. However at this delay it already becomes a pain for developers to wait for the tests to complete. This commit adds support for the new environment variable HAPROXY_TEST_TIMEOUT that will allow anyone to modify the connect, client and server timeouts. It was set to 5 seconds by default, which should be plenty for quite some time in the CI. All relevant values that were 200ms or above were replaced by this one. A few larger values were left as they are special. One test for the set-timeout action that used to rely on a fixed 1-sec value was extended to a fixed 5-sec, as the timeout is normally not reached, but it needs to be known to compare the old and new values.
64 lines
1.6 KiB
Plaintext
64 lines
1.6 KiB
Plaintext
varnishtest "Add server via cli with SSL activated"
|
|
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
|
|
feature cmd "command -v socat"
|
|
feature ignore_unknown_macro
|
|
|
|
haproxy h1 -conf {
|
|
global
|
|
stats socket "${tmpdir}/h1/stats" level admin
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
# proxy to attach a ssl server
|
|
listen li-ssl
|
|
bind "fd@${feSsl}"
|
|
balance random
|
|
|
|
# frontend used to respond to ssl connection
|
|
frontend fe-ssl-term
|
|
bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem
|
|
http-request return status 200
|
|
} -start
|
|
|
|
### SSL SUPPORT
|
|
# 1. first create a ca-file using CLI
|
|
# 2. create an SSL server and use it
|
|
|
|
client c1 -connect ${h1_feSsl_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 503
|
|
} -run
|
|
|
|
shell {
|
|
echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
|
|
printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" -
|
|
echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
|
|
} -run
|
|
|
|
haproxy h1 -cli {
|
|
send "show ssl ca-file common.pem"
|
|
expect ~ ".*SHA1 FingerPrint: 9A6418E498C43EDBCF5DD3C4C6FCD1EE0D7A946D"
|
|
}
|
|
|
|
haproxy h1 -cli {
|
|
# non existent backend
|
|
send "experimental-mode on; add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none"
|
|
expect ~ "New server registered."
|
|
|
|
send "enable server li-ssl/s1"
|
|
expect ~ ".*"
|
|
}
|
|
|
|
client c2 -connect ${h1_feSsl_sock} {
|
|
txreq
|
|
rxresp
|
|
expect resp.status == 200
|
|
} -run
|