Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 0657b93385b194d6e597d49c03ee05cefb38c78d / . / reg-tests / ssl / ssl_client_samples.vtc
blob: 81a52abebf1b8786a9e95c76e474451de53b33c6 [file] [log] [blame]
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]1#REGTEST_TYPE=devel
2
3varnishtest "Test the ssl_c_* sample fetches"
Christopher Fauletc3007472020-11-13 17:10:51 +0100[diff] [blame]4#REQUIRE_VERSION=2.2
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]5#REQUIRE_OPTIONS=OPENSSL
6feature ignore_unknown_macro
7
8server s1 -repeat 3 {
9 rxreq
10 txresp
11} -start
12
13haproxy h1 -conf {
14 global
15 tune.ssl.default-dh-param 2048
Marcin Deranek310a2602021-07-13 19:04:24 +0200[diff] [blame]16 tune.ssl.capture-buffer-size 1
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]17 crt-base ${testdir}
18
19 defaults
20 mode http
21 option httplog
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]22 log stderr local0 debug err
23 option logasap
Willy Tarreauf6739232021-11-18 17:46:22 +0100[diff] [blame]24 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
25 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
26 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]27
28
29 listen clear-lst
30 bind "fd@${clearlst}"
31 balance roundrobin
32 server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client1.pem
33
34 listen ssl-lst
35 mode http
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]36
37 http-response add-header x-ssl-der %[ssl_c_der,hex]
William Dauchya598b502020-08-06 18:11:38 +0200[diff] [blame]38 http-response add-header x-ssl-chain-der %[ssl_c_chain_der,hex]
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]39 http-response add-header x-ssl-sha1 %[ssl_c_sha1,hex]
40 http-response add-header x-ssl-notafter %[ssl_c_notafter]
41 http-response add-header x-ssl-notbefore %[ssl_c_notbefore]
42 http-response add-header x-ssl-sig_alg %[ssl_c_sig_alg]
43 http-response add-header x-ssl-i_dn %[ssl_c_i_dn]
44 http-response add-header x-ssl-s_dn %[ssl_c_s_dn]
45 http-response add-header x-ssl-s_serial %[ssl_c_serial,hex]
46 http-response add-header x-ssl-key_alg %[ssl_c_key_alg]
47 http-response add-header x-ssl-version %[ssl_c_version]
48
49 bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err all crl-file ${testdir}/crl-auth.pem
50
51 server s1 ${s1_addr}:${s1_port}
52} -start
53
54
55client c1 -connect ${h1_clearlst_sock} {
56 txreq
57 rxresp
58 expect resp.status == 200
59 expect resp.http.x-ssl-der ~ 3082052D30820315020102300D0.*995ED3BE2BFB923A3EB71FA07002E
William Dauchya598b502020-08-06 18:11:38 +0200[diff] [blame]60 expect resp.http.x-ssl-chain-der ~ 3082096B30820553A0030201020.*0237D08F425C8414A23D436415502
William Lallemand86bc9532020-06-26 12:03:45 +0200[diff] [blame]61 expect resp.http.x-ssl-sha1 == "D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
62 expect resp.http.x-ssl-notafter == "500421185942Z"
63 expect resp.http.x-ssl-notbefore == "200428185942Z"
64 expect resp.http.x-ssl-sig_alg == "RSA-SHA256"
65 expect resp.http.x-ssl-i_dn == "/C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA Test Client Auth"
66 expect resp.http.x-ssl-s_dn == "/C=FR/O=HAProxy Technologies Test/CN=client1"
67 expect resp.http.x-ssl-s_serial == "02"
68 expect resp.http.x-ssl-key_alg == "rsaEncryption"
69 expect resp.http.x-ssl-version == "1"
70} -run
71
72