diff --git a/reg-tests/quic/ssl_reuse.vtc b/reg-tests/quic/ssl_reuse.vtc
deleted file mode 100644
index b3e09c11d..000000000
--- a/reg-tests/quic/ssl_reuse.vtc
+++ /dev/null
@@ -1,10 +0,0 @@
-#REGTEST_TYPE=devel
-
-# Same test as ssl/ssl_reuse.vtc, but with QUIC connections where applicable (only for TLSv3)
-
-varnishtest "Test if the SSL session/ticket reuse work correctly"
-
-feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL)'"
-
-setenv VTC_SOCK_TYPE quic
-include ${testdir}/../ssl/ssl_reuse.vtc
diff --git a/reg-tests/quic/tls13_reuse.vtc b/reg-tests/quic/tls13_reuse.vtc
new file mode 100644
index 000000000..43808d9db
--- /dev/null
+++ b/reg-tests/quic/tls13_reuse.vtc
@@ -0,0 +1,11 @@
+#REGTEST_TYPE=devel
+
+# This reg-test tests 2 scenarios with and without resumption tickets, with QUIC/TLSv1.3
+# Each client will try to established a connection, then try to reconnect 20 times resuming.
+
+varnishtest "Test if the SSL session/ticket reuse works correctly for QUIC"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"
+
+setenv VTC_SOCK_TYPE quic
+setenv TLSV TLSv1.3
+include ${testdir}/../ssl/ssl_reuse.vtci
diff --git a/reg-tests/ssl/ssl_reuse.vtc b/reg-tests/ssl/ssl_reuse.vtci
similarity index 60%
rename from reg-tests/ssl/ssl_reuse.vtc
rename to reg-tests/ssl/ssl_reuse.vtci
index 7ca8e3d64..f7218588f 100644
--- a/reg-tests/ssl/ssl_reuse.vtc
+++ b/reg-tests/ssl/ssl_reuse.vtci
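Review bot: The header comment in the new reg-tests/quic/tls13_reuse.vtc reads "try to established a connection", and the same line is copied into reg-tests/ssl/tls12_reuse.vtc and reg-tests/ssl/tls13_reuse.vtc. I would reword it in all three to `# Each client first establishes a connection, then reconnects 20 times and tries to resume the session.` The comment could also say that the two scenarios are the two binds defined in the included ssl_reuse.vtci, since nothing in the wrapper itself shows them.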
@@ -1,11 +1,5 @@ -#REGTEST_TYPE=devel +# Uses VTC_SOCK_TYPE (quic / stream) TLSV (TLSv1.2 / TLSv1.3) -# This reg-test tests 4 scenarios with and without resumption tickets, with TLSv1.3 and TLSv1.2 -# Each client will try to established a connection, then try to reconnect 20 times resuming. - - -varnishtest "Test if the SSL session/ticket reuse work correctly" -feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'" feature ignore_unknown_macro server s1 -repeat 84 { @@ -13,8 +7,6 @@ server s1 -repeat 84 { txresp } -start -setenv -ifunset VTC_SOCK_TYPE stream - haproxy h1 -conf { global .if streq("$VTC_SOCK_TYPE",quic) @@ -39,16 +31,6 @@ haproxy h1 -conf { timeout client "${HAPROXY_TEST_TIMEOUT-5s}" timeout server "${HAPROXY_TEST_TIMEOUT-5s}" - listen clst1 - bind "fd@${clst1}" - server s1 "${h1_fe1_addr}:${h1_fe1_port}" ssl verify none sni str(www.test1.com) - http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed] - - listen clst2 - bind "fd@${clst2}" - server s1 "${h1_fe2_addr}:${h1_fe2_port}" ssl verify none sni str(www.test1.com) - http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed] - listen clst3 bind "fd@${clst3}" server s1 "${VTC_SOCK_TYPE}+${h1_fe3_addr}:${h1_fe3_port}" ssl verify none sni str(www.test1.com) 
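Review bot: `server s1 -repeat 84` is left as a context line in this hunk, but that count matched the old layout of four clients making 21 connections each. A later hunk removes clients c1 and c2, so each wrapper now appears to drive only two binds, which would be 42 requests; the remaining client blocks lie partly outside the hunks, so confirm that before changing the line to `server s1 -repeat 42 {`. Leaving the old count is probably harmless to the run, but it misleads anyone using it to work out the expected `SslFrontendSessionReuse_pct`.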
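Review bot: Removing `setenv -ifunset VTC_SOCK_TYPE stream` leaves the include file with no fallback, and the new `TLSV` variable never had one, so the file now only works when the includer sets both before `include`. The new first-line comment says the variables are used but not that they are required; I would make it `# Requires VTC_SOCK_TYPE (quic / stream) and TLSV (TLSv1.2 / TLSv1.3) to be set by the including .vtc; there are no defaults.` How an unset `${TLSV}` behaves in the `ssl-min-ver`/`ssl-max-ver` arguments is not visible from this diff, so stating the contract is safer than relying on a parse error.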
@@ -60,47 +42,14 @@ haproxy h1 -conf { http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed] listen ssl - bind "fd@${fe1}" ssl crt ${testdir}/common.pem ssl-max-ver TLSv1.2 - bind "fd@${fe2}" ssl crt ${testdir}/common.pem ssl-max-ver TLSv1.2 no-tls-tickets - bind "${VTC_SOCK_TYPE}+fd@${fe3}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3 - bind "${VTC_SOCK_TYPE}+fd@${fe4}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3 no-tls-tickets + bind "${VTC_SOCK_TYPE}+fd@${fe3}" ssl crt ${testdir}/common.pem ssl-min-ver "${TLSV}" ssl-max-ver "${TLSV}" + bind "${VTC_SOCK_TYPE}+fd@${fe4}" ssl crt ${testdir}/common.pem ssl-min-ver "${TLSV}" ssl-max-ver "${TLSV}" no-tls-tickets http-response add-header x-ssl-resumed %[ssl_fc_is_resumed] server s1 ${s1_addr}:${s1_port} } -start -# first bind -# the first connection is not resumed -client c1 -connect ${h1_clst1_sock} { - txreq - rxresp - expect resp.status == 200 - expect resp.http.x-ssl-resumed == 0 -} -run -# the next 20 connections are resumed -client c1 -connect ${h1_clst1_sock} -repeat 20 { - txreq - rxresp - expect resp.status == 200 - expect resp.http.x-ssl-resumed == 1 -} -run - -# second bind -client c2 -connect ${h1_clst2_sock} { - txreq - rxresp - expect resp.status == 200 - expect resp.http.x-ssl-resumed == 0 -} -run - -client c2 -connect ${h1_clst2_sock} -repeat 20 { - txreq - rxresp - expect resp.status == 200 - expect resp.http.x-ssl-resumed == 1 -} -run - # third bind client c3 -connect ${h1_clst3_sock} { txreq @@ -148,4 +97,3 @@ haproxy h1 -cli { send "show info" expect ~ ".*SslFrontendSessionReuse_pct: 95.*" } - diff --git a/reg-tests/ssl/tls12_reuse.vtc b/reg-tests/ssl/tls12_reuse.vtc new file mode 100644 index 000000000..57d6ca486 --- /dev/null +++ b/reg-tests/ssl/tls12_reuse.vtc 
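Review bot: After this hunk the shared file keeps only `fe3`/`fe4`, and the client sections still start at `# third bind` with `c3`, although the first and second binds and their clients no longer exist. Renumbering them to `fe1`/`fe2` and `c1`/`c2`, or at least changing the comments to something like `# bind with tickets` and `# bind with no-tls-tickets`, would stop readers looking for two scenarios that were removed. The `listen ssl` block and the client sections continue outside this hunk, so the matching `clst3`/`clst4` names would need the same change.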
@@ -0,0 +1,11 @@
+#REGTEST_TYPE=devel
+
+# This reg-test tests 2 scenarios with and without resumption tickets, with TLSv1.2
+# Each client will try to established a connection, then try to reconnect 20 times resuming.
+
+varnishtest "Test if the SSL session/ticket reuse works correctly for TLSv1.2"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"
+
+setenv VTC_SOCK_TYPE stream
+setenv TLSV TLSv1.2
+include ${testdir}/../ssl/ssl_reuse.vtci
diff --git a/reg-tests/ssl/tls13_reuse.vtc b/reg-tests/ssl/tls13_reuse.vtc
new file mode 100644
index 000000000..d990286c2
--- /dev/null
+++ b/reg-tests/ssl/tls13_reuse.vtc
@@ -0,0 +1,11 @@
+#REGTEST_TYPE=devel
+
+# This reg-test tests 2 scenarios with and without resumption tickets, with TLSv1.3
+# Each client will try to established a connection, then try to reconnect 20 times resuming.
+
+varnishtest "Test if the SSL session/ticket reuse works correctly for TLSv1.3"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"
+
+setenv VTC_SOCK_TYPE stream
+setenv TLSV TLSv1.3
+include ${testdir}/../ssl/ssl_reuse.vtci
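Review bot: The `feature cmd` condition in reg-tests/ssl/tls12_reuse.vtc mixes `||` and `&&` without parentheses, and the same line is repeated in reg-tests/ssl/tls13_reuse.vtc. HAProxy gives `&&` precedence over `||`, so it is read as WolfSSL, or OpenSSL with the name and version checks. Writing that grouping out makes the intent visible to the next person who edits the gate: `feature(OPENSSL_WOLFSSL) || (feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1))`.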