blob: 242d05953471c7ff745d68e4191f523a7b946415 [file] [log] [blame]
Amaury Denoyelle0ffad2d2021-06-18 16:30:36 +02001varnishtest "Add server via cli with SSL activated"
2
3feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
4feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
5feature cmd "command -v socat"
6feature ignore_unknown_macro
7
8haproxy h1 -conf {
9 global
10 stats socket "${tmpdir}/h1/stats" level admin
11
12 defaults
13 mode http
Willy Tarreauf6739232021-11-18 17:46:22 +010014 timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
15 timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
16 timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
Amaury Denoyelle0ffad2d2021-06-18 16:30:36 +020017
18 # proxy to attach a ssl server
19 listen li-ssl
20 bind "fd@${feSsl}"
21 balance random
22
23 # frontend used to respond to ssl connection
24 frontend fe-ssl-term
25 bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem
26 http-request return status 200
27} -start
28
29### SSL SUPPORT
30# 1. first create a ca-file using CLI
31# 2. create an SSL server and use it
32
33client c1 -connect ${h1_feSsl_sock} {
34 txreq
35 rxresp
36 expect resp.status == 503
37} -run
38
39shell {
40 echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
41 printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" -
42 echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
43} -run
44
45haproxy h1 -cli {
46 send "show ssl ca-file common.pem"
47 expect ~ ".*SHA1 FingerPrint: 9A6418E498C43EDBCF5DD3C4C6FCD1EE0D7A946D"
48}
49
50haproxy h1 -cli {
51 # non existent backend
52 send "experimental-mode on; add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none"
53 expect ~ "New server registered."
54
55 send "enable server li-ssl/s1"
56 expect ~ ".*"
57}
58
59client c2 -connect ${h1_feSsl_sock} {
60 txreq
61 rxresp
62 expect resp.status == 200
63} -run