Amaury Denoyelle | 0ffad2d | 2021-06-18 16:30:36 +0200 | [diff] [blame] | 1 | varnishtest "Add server via cli with SSL activated" |
| 2 | |
| 3 | feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'" |
| 4 | feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'" |
| 5 | feature cmd "command -v socat" |
| 6 | feature ignore_unknown_macro |
| 7 | |
| 8 | haproxy h1 -conf { |
| 9 | global |
| 10 | stats socket "${tmpdir}/h1/stats" level admin |
| 11 | |
| 12 | defaults |
| 13 | mode http |
Willy Tarreau | f673923 | 2021-11-18 17:46:22 +0100 | [diff] [blame] | 14 | timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" |
| 15 | timeout client "${HAPROXY_TEST_TIMEOUT-5s}" |
| 16 | timeout server "${HAPROXY_TEST_TIMEOUT-5s}" |
Amaury Denoyelle | 0ffad2d | 2021-06-18 16:30:36 +0200 | [diff] [blame] | 17 | |
| 18 | # proxy to attach a ssl server |
| 19 | listen li-ssl |
| 20 | bind "fd@${feSsl}" |
| 21 | balance random |
| 22 | |
| 23 | # frontend used to respond to ssl connection |
| 24 | frontend fe-ssl-term |
| 25 | bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem |
| 26 | http-request return status 200 |
| 27 | } -start |
| 28 | |
| 29 | ### SSL SUPPORT |
| 30 | # 1. first create a ca-file using CLI |
| 31 | # 2. create an SSL server and use it |
| 32 | |
| 33 | client c1 -connect ${h1_feSsl_sock} { |
| 34 | txreq |
| 35 | rxresp |
| 36 | expect resp.status == 503 |
| 37 | } -run |
| 38 | |
| 39 | shell { |
| 40 | echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" - |
| 41 | printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" - |
| 42 | echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" - |
| 43 | } -run |
| 44 | |
| 45 | haproxy h1 -cli { |
| 46 | send "show ssl ca-file common.pem" |
| 47 | expect ~ ".*SHA1 FingerPrint: 9A6418E498C43EDBCF5DD3C4C6FCD1EE0D7A946D" |
| 48 | } |
| 49 | |
| 50 | haproxy h1 -cli { |
| 51 | # non existent backend |
| 52 | send "experimental-mode on; add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none" |
| 53 | expect ~ "New server registered." |
| 54 | |
| 55 | send "enable server li-ssl/s1" |
| 56 | expect ~ ".*" |
| 57 | } |
| 58 | |
| 59 | client c2 -connect ${h1_feSsl_sock} { |
| 60 | txreq |
| 61 | rxresp |
| 62 | expect resp.status == 200 |
| 63 | } -run |