commit 0ffad2d76c33ca31e897d64e16ab00e6b1825ce3
author Amaury Denoyelle <adenoyelle@haproxy.com> Fri Jun 18 16:30:36 2021 +0200
committer Amaury Denoyelle <adenoyelle@haproxy.com> Fri Jun 18 16:49:58 2021 +0200
tree bfcdbec36a132a992eb3524f11b26c54ee0b2954
parent 34897d2eff6a2f11a6586bd05e6ea7c90b77542a

REGTESTS: server: test ssl support for dynamic servers

Create a new regtest to test SSL support for dynamic servers.

The first step of the test is to create the ca-file via the CLI. Then a
dynamic server is created with the ssl option using the ca-file. A
client request is made through it to achieve the test.

reg-tests/server/cli_add_ssl_server.vtc

diff --git a/reg-tests/server/cli_add_ssl_server.vtc b/reg-tests/server/cli_add_ssl_server.vtc
new file mode 100644
index 0000000..d375152
--- /dev/null
+++ b/reg-tests/server/cli_add_ssl_server.vtc
@@ -0,0 +1,63 @@
+varnishtest "Add server via cli with SSL activated"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
+feature cmd "command -v socat"
+feature ignore_unknown_macro
+
+haproxy h1 -conf {
+	global
+		stats socket "${tmpdir}/h1/stats" level admin
+
+	defaults
+		mode http
+		timeout connect 1s
+		timeout client  1s
+		timeout server  1s
+
+	# proxy to attach a ssl server
+	listen li-ssl
+		bind "fd@${feSsl}"
+		balance random
+
+	# frontend used to respond to ssl connection
+	frontend fe-ssl-term
+		bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem
+		http-request return status 200
+} -start
+
+### SSL SUPPORT
+# 1. first create a ca-file using CLI
+# 2. create an SSL server and use it
+
+client c1 -connect ${h1_feSsl_sock} {
+	txreq
+	rxresp
+	expect resp.status == 503
+} -run
+
+shell {
+	echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
+	printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" -
+	echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
+} -run
+
+haproxy h1 -cli {
+    send "show ssl ca-file common.pem"
+    expect ~ ".*SHA1 FingerPrint: 9A6418E498C43EDBCF5DD3C4C6FCD1EE0D7A946D"
+}
+
+haproxy h1 -cli {
+	# non existent backend
+	send "experimental-mode on; add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none"
+	expect ~ "New server registered."
+
+	send "enable server li-ssl/s1"
+	expect ~ ".*"
+}
+
+client c2 -connect ${h1_feSsl_sock} {
+	txreq
+	rxresp
+	expect resp.status == 200
+} -run

reg-tests/server/common.pem

diff --git a/reg-tests/server/common.pem b/reg-tests/server/common.pem
new file mode 120000
index 0000000..a4433d5
--- /dev/null
+++ b/reg-tests/server/common.pem
@@ -0,0 +1 @@
+../ssl/common.pem
\ No newline at end of file