blob: db5305abfa689904318b36bdba9761ea09b0eda9 [file] [log] [blame]
William Lallemand86bc9532020-06-26 12:03:45 +02001#REGTEST_TYPE=devel
2
3varnishtest "Test the ssl_c_* sample fetches"
4#REQUIRE_VERSION=1.6
5#REQUIRE_OPTIONS=OPENSSL
6feature ignore_unknown_macro
7
8server s1 -repeat 3 {
9 rxreq
10 txresp
11} -start
12
13haproxy h1 -conf {
14 global
15 tune.ssl.default-dh-param 2048
16 tune.ssl.capture-cipherlist-size 1
17 crt-base ${testdir}
18
19 defaults
20 mode http
21 option httplog
22 ${no-htx} option http-use-htx
23 log stderr local0 debug err
24 option logasap
25 timeout connect 1s
26 timeout client 1s
27 timeout server 1s
28
29
30 listen clear-lst
31 bind "fd@${clearlst}"
32 balance roundrobin
33 server s1 "${tmpdir}/ssl.sock" ssl verify none crt ${testdir}/client1.pem
34
35 listen ssl-lst
36 mode http
37 ${no-htx} option http-use-htx
38
39 http-response add-header x-ssl-der %[ssl_c_der,hex]
40 http-response add-header x-ssl-sha1 %[ssl_c_sha1,hex]
41 http-response add-header x-ssl-notafter %[ssl_c_notafter]
42 http-response add-header x-ssl-notbefore %[ssl_c_notbefore]
43 http-response add-header x-ssl-sig_alg %[ssl_c_sig_alg]
44 http-response add-header x-ssl-i_dn %[ssl_c_i_dn]
45 http-response add-header x-ssl-s_dn %[ssl_c_s_dn]
46 http-response add-header x-ssl-s_serial %[ssl_c_serial,hex]
47 http-response add-header x-ssl-key_alg %[ssl_c_key_alg]
48 http-response add-header x-ssl-version %[ssl_c_version]
49
50 bind "${tmpdir}/ssl.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/ca-auth.crt verify optional crt-ignore-err all crl-file ${testdir}/crl-auth.pem
51
52 server s1 ${s1_addr}:${s1_port}
53} -start
54
55
56client c1 -connect ${h1_clearlst_sock} {
57 txreq
58 rxresp
59 expect resp.status == 200
60 expect resp.http.x-ssl-der ~ 3082052D30820315020102300D0.*995ED3BE2BFB923A3EB71FA07002E
61 expect resp.http.x-ssl-sha1 == "D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
62 expect resp.http.x-ssl-notafter == "500421185942Z"
63 expect resp.http.x-ssl-notbefore == "200428185942Z"
64 expect resp.http.x-ssl-sig_alg == "RSA-SHA256"
65 expect resp.http.x-ssl-i_dn == "/C=FR/ST=Some-State/O=HAProxy Technologies/CN=HAProxy Technologies CA Test Client Auth"
66 expect resp.http.x-ssl-s_dn == "/C=FR/O=HAProxy Technologies Test/CN=client1"
67 expect resp.http.x-ssl-s_serial == "02"
68 expect resp.http.x-ssl-key_alg == "rsaEncryption"
69 expect resp.http.x-ssl-version == "1"
70} -run
71
72