REGTESTS: add a new "ssl_alpn" test to test ALPN negotiation
This teg-test verifies that different ALPN values on the "server" line
will negotiate the expected protocol depending on the ALPN "bind" line.
diff --git a/reg-tests/ssl/ssl_alpn.vtc b/reg-tests/ssl/ssl_alpn.vtc
new file mode 100644
index 0000000..ea1b8a6
--- /dev/null
+++ b/reg-tests/ssl/ssl_alpn.vtc
@@ -0,0 +1,212 @@
+#REGTEST_TYPE=devel
+
+# This teg-test verifies that different ALPN values on the "server" line
+# will negotiate the expected protocol depending on the ALPN "bind" line.
+# It requires OpenSSL >= 1.0.2 for ALPN
+
+varnishtest "Test the bind 'alpn' setting"
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev7)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.0.2)'"
+feature ignore_unknown_macro
+
+haproxy h1 -conf {
+ global
+ tune.ssl.default-dh-param 2048
+
+ defaults
+ mode http
+ option httplog
+ log stderr local0 debug err
+ timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+
+ listen px-clr
+ bind "fd@${clearfe}"
+ default-server ssl verify none
+
+ # first digit select the alpn sent by the client, second digit, the server one
+ use-server s00 if { path /00 }
+ server s00 "${tmpdir}/ssl0.sock"
+ use-server s01 if { path /01 }
+ server s01 "${tmpdir}/ssl1.sock"
+ use-server s02 if { path /02 }
+ server s02 "${tmpdir}/ssl2.sock"
+ use-server s03 if { path /03 }
+ server s03 "${tmpdir}/ssl3.sock"
+ use-server s04 if { path /04 }
+ server s04 "${tmpdir}/ssl4.sock"
+
+ use-server s10 if { path /10 }
+ server s10 "${tmpdir}/ssl0.sock" alpn http/1.1
+ use-server s11 if { path /11 }
+ server s11 "${tmpdir}/ssl1.sock" alpn http/1.1
+ use-server s12 if { path /12 }
+ server s12 "${tmpdir}/ssl2.sock" alpn http/1.1
+ use-server s13 if { path /13 }
+ server s13 "${tmpdir}/ssl3.sock" alpn http/1.1
+ use-server s14 if { path /14 }
+ server s14 "${tmpdir}/ssl4.sock" alpn http/1.1
+
+ use-server s20 if { path /20 }
+ server s20 "${tmpdir}/ssl0.sock" alpn h2
+ use-server s21 if { path /21 }
+ server s21 "${tmpdir}/ssl1.sock" alpn h2
+ use-server s22 if { path /22 }
+ server s22 "${tmpdir}/ssl2.sock" alpn h2
+ use-server s23 if { path /23 }
+ server s23 "${tmpdir}/ssl3.sock" alpn h2
+ use-server s24 if { path /24 }
+ server s24 "${tmpdir}/ssl4.sock" alpn h2
+
+ use-server s30 if { path /30 }
+ server s30 "${tmpdir}/ssl0.sock" alpn h2,http/1.1
+ use-server s31 if { path /31 }
+ server s31 "${tmpdir}/ssl1.sock" alpn h2,http/1.1
+ use-server s32 if { path /32 }
+ server s32 "${tmpdir}/ssl2.sock" alpn h2,http/1.1
+ use-server s33 if { path /33 }
+ server s33 "${tmpdir}/ssl3.sock" alpn h2,http/1.1
+ use-server s34 if { path /34 }
+ server s34 "${tmpdir}/ssl4.sock" alpn h2,http/1.1
+
+ frontend fe-ssl
+ bind "${tmpdir}/ssl0.sock" ssl crt ${testdir}/common.pem
+ bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem alpn http/1.1
+ bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem alpn h2
+ bind "${tmpdir}/ssl3.sock" ssl crt ${testdir}/common.pem alpn h2,http/1.1
+ bind "${tmpdir}/ssl4.sock" ssl crt ${testdir}/common.pem no-alpn
+ http-request return status 200 hdr x-alpn _%[ssl_fc_alpn] hdr x-path %[path] hdr x-ver _%[req.ver]
+} -start
+
+# client sends no alpn
+client c1 -connect ${h1_clearfe_sock} {
+ txreq -url "/00"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/01"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/02"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/03"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/04"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+} -run
+
+# client sends alpn=http/1.1
+client c1 -connect ${h1_clearfe_sock} {
+ txreq -url "/10"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/11"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_http/1.1"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/12"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/13"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_http/1.1"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/14"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+} -run
+
+# client sends alpn=h2
+client c1 -connect ${h1_clearfe_sock} {
+ txreq -url "/20"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/21"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/22"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_h2"
+ expect resp.http.x-ver == "_2.0"
+
+ txreq -url "/23"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_h2"
+ expect resp.http.x-ver == "_2.0"
+
+ txreq -url "/24"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+} -run
+
+# client sends alpn=h2,http/1.1
+client c1 -connect ${h1_clearfe_sock} {
+ txreq -url "/30"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/31"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_http/1.1"
+ expect resp.http.x-ver == "_1.1"
+
+ txreq -url "/32"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_h2"
+ expect resp.http.x-ver == "_2.0"
+
+ txreq -url "/33"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_h2"
+ expect resp.http.x-ver == "_2.0"
+
+ txreq -url "/34"
+ rxresp
+ expect resp.status == 200
+ expect resp.http.x-alpn == "_"
+ expect resp.http.x-ver == "_1.1"
+} -run