blob: 3780d1137ac9042bac2d6d91132a0038fca84f21 [file] [log] [blame]
William Lallemand9c1aa0a2019-12-19 11:25:19 +01001#REGTEST_TYPE=slow
2
3# This reg-test uses the "set ssl cert" command to update a certificate over the CLI.
4# It requires socat and curl to upload and validate that the certificate was well updated
5
6# If this test does not work anymore:
7# - Check that you have socat and curl
8# - Check that the curl -v option still return the SSL CN
9
10varnishtest "Test the 'set ssl cert' feature of the CLI"
Willy Tarreaufa10ffd2020-01-24 13:49:42 +010011#REQUIRE_VERSION=2.2
William Lallemand9c1aa0a2019-12-19 11:25:19 +010012#REQUIRE_OPTIONS=OPENSSL
William Lallemandd5b464b2019-12-19 14:30:00 +010013#REQUIRE_BINARIES=socat,curl
William Lallemand9c1aa0a2019-12-19 11:25:19 +010014feature ignore_unknown_macro
15
16
17haproxy h1 -conf {
18 global
19 tune.ssl.default-dh-param 2048
20 tune.ssl.capture-cipherlist-size 1
21 stats socket "${tmpdir}/h1/stats" level admin
22
23 listen frt
24 mode http
25 ${no-htx} option http-use-htx
26 bind "fd@${frt}" ssl crt ${testdir}/common.pem
27 http-request redirect location /
28} -start
29
30
31haproxy h1 -cli {
32 send "show ssl cert ${testdir}/common.pem"
33 expect ~ ".*SHA1 FingerPrint: 2195C9F0FD58470313013FC27C1B9CF9864BD1C6"
34}
35
36shell {
37 HOST=${h1_frt_addr}
38 if [ "${h1_frt_addr}" = "::1" ] ; then
39 HOST="\[::1\]"
40 fi
41 curl -v -i -k https://$HOST:${h1_frt_port} 2>&1 | grep CN=www.test1.com
42}
43
44shell {
Ilya Shipitsin3e34ac72020-01-08 22:56:30 +050045 printf "set ssl cert ${testdir}/common.pem <<\n$(cat ${testdir}/ecdsa.pem)\n\n" | socat "${tmpdir}/h1/stats" -
William Lallemand9c1aa0a2019-12-19 11:25:19 +010046 echo "commit ssl cert ${testdir}/common.pem" | socat "${tmpdir}/h1/stats" -
47}
48
49haproxy h1 -cli {
50 send "show ssl cert ${testdir}/common.pem"
51 expect ~ ".*SHA1 FingerPrint: A490D069DBAFBEE66DE434BEC34030ADE8BCCBF1"
52}
53
54shell {
55 HOST=${h1_frt_addr}
56 if [ "${h1_frt_addr}" = "::1" ] ; then
57 HOST="\[::1\]"
58 fi
59 curl -v -i -k https://$HOST:${h1_frt_port} 2>&1 | grep CN=localhost
60}