mirror/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git synced 2026-02-04 20:23:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a79a67b52f676bf84de23e2a7db43eb2f7e4380e
haproxy/reg-tests/checks/ssl-hello-check.vtc
Frederic Lecaille 6e94b69665 REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 
Move all these files and others for OCSP tests found into reg-tests/ssl
to reg-test/ssl/certs and adapt all the VTC files which use them.

This patch is needed by other tests which have to include the SSL tests.
Indeed, some VTC commands contain paths to these files which cannot
be customized with environment variables, depending on the location the VTC file
is runi from, because VTC does not resolve the environment variables. Only macros
as ${testdir} can be resolved.

For instance this command run from a VTC file from reg-tests/ssl directory cannot
be reused from another directory, except if we add a symbolic link for each certs,
key etc.

 haproxy h1 -cli {
   send "del ssl crt-list ${testdir}/localhost.crt-list ${testdir}/common.pem:1"
 }

This is not what we want. We add a symbolic link to reg-test/ssl/certs to the
directory and modify the command above as follows:

 haproxy h1 -cli {
   send "del ssl crt-list ${testdir}/certs/localhost.crt-list ${testdir}/certs/common.pem:1"
 }
2025-12-08 10:40:59 +01:00

82 lines
2.3 KiB
Plaintext
Raw Blame History

varnishtest "Health-checks: ssl-hello health-check"
#REQUIRE_OPTION=OPENSSL
#REGTEST_TYPE=slow
feature ignore_unknown_macro
# This scripts tests health-checks for SSL application, enabled using
# "option ssl-hello-chk" line.
syslog S1 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be1/srv succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
} -start
syslog S2 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be2/srv failed, reason: Layer6 invalid response.+info: \"TCPCHK got an empty response at step 2\".+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
syslog S3 -level notice {
recv
expect ~ "[^:\\[ ]\\[${h1_pid}\\]: Health check for server be3/srv failed, reason: Layer6 invalid response.+check duration: [[:digit:]]+ms, status: 0/1 DOWN."
} -start
haproxy htst -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
.if !ssllib_name_startswith(AWS-LC)
tune.ssl.default-dh-param 2048
.endif
defaults
mode tcp
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
frontend fe1
bind "fd@${fe1}" ssl crt ${testdir}/certs/common.pem
frontend fe2
bind "fd@${fe2}"
frontend fe3
mode http
bind "fd@${fe3}"
} -start
haproxy h1 -conf {
defaults
mode tcp
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
backend be1
log ${S1_addr}:${S1_port} daemon
option log-health-checks
option ssl-hello-chk
server srv ${htst_fe1_addr}:${htst_fe1_port} check inter 1s rise 1 fall 1
backend be2
log ${S2_addr}:${S2_port} daemon
option log-health-checks
option ssl-hello-chk
server srv ${htst_fe2_addr}:${htst_fe2_port} check inter 1s rise 1 fall 1
backend be3
log ${S3_addr}:${S3_port} daemon
option log-health-checks
option ssl-hello-chk
server srv ${htst_fe3_addr}:${htst_fe3_port} check inter 1s rise 1 fall 1
} -start
syslog S1 -wait
syslog S2 -wait
syslog S3 -wait
Reference in New Issue View Git Blame Copy Permalink