Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 8177ad989573586ab8ef1d9bdf63ac4cdc5abc27^! / . / reg-tests / ssl / add_ssl_crt-list.vtc
commit8177ad989573586ab8ef1d9bdf63ac4cdc5abc27[log] [tgz]
authorWilliam Lallemand <wlallemand@haproxy.com>Wed May 20 16:49:02 2020 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Wed May 20 16:49:02 2020 +0200
treebb43b9bf3e834e00ac5f4701c85ad012543bb53c
parent13dd45178e24504504a02d89d9a81d4b80c63c93 [diff] [blame]
MINOR: ssl: split config and runtime variable for ssl-{min,max}-ver

In the CLI command 'show ssl crt-list', the ssl-min-ver and the
ssl-min-max arguments were always displayed because the dumped versions
were the actual version computed and used by haproxy, instead of the
version found in the configuration.

To fix the problem, this patch separates the variables to have one with
the configured version, and one with the actual version used. The dump
only shows the configured version.

diff --git a/reg-tests/ssl/add_ssl_crt-list.vtc b/reg-tests/ssl/add_ssl_crt-list.vtc
index 2866619..b5ca779 100644
--- a/reg-tests/ssl/add_ssl_crt-list.vtc
+++ b/reg-tests/ssl/add_ssl_crt-list.vtc

@@ -70,7 +70,7 @@
     echo "new ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" -
     printf "set ssl cert ${testdir}/ecdsa.pem <<\n$(cat ${testdir}/ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
     echo "commit ssl cert ${testdir}/ecdsa.pem" | socat "${tmpdir}/h1/stats" -
-    printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
+    printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [ssl-min-ver SSLv3 verify none allow-0rtt] localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
     printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem [verify none allow-0rtt]\n\n" | socat "${tmpdir}/h1/stats" -
     printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem localhost !www.test1.com\n\n" | socat "${tmpdir}/h1/stats" -
     printf "add ssl crt-list ${testdir}/localhost.crt-list <<\n${testdir}/ecdsa.pem\n\n" | socat "${tmpdir}/h1/stats" -
@@ -85,7 +85,7 @@
 haproxy h1 -cli {
     send "show ssl crt-list ${testdir}/localhost.crt-list"
     # check the options and the filters in any order
-    expect ~ ".*${testdir}/ecdsa.pem \\[(?=.*verify none)(?=.*allow-0rtt).*\\](?=.*!www.test1.com)(?=.*localhost).*"
+    expect ~ ".*${testdir}/ecdsa.pem \\[(?=.*verify none)(?=.*allow-0rtt)(?=.*ssl-min-ver SSLv3).*\\](?=.*!www.test1.com)(?=.*localhost).*"
 }
 
 client c1 -connect ${h1_clearlst_sock} {