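#REGTEST_TYPE=bug
# Test if a certificate can be dynamically updated once a server which used it
# was removed.
#
# Lines of the form #NAME=value are metadata for the regression-test runner,
# not ordinary comments; keep them byte-exact and at column 0.
varnishtest "Delete server via cli and update certificates"

# Leave macros that the test tool does not know untouched instead of failing,
# so that HAProxy can expand them itself when it reads the configuration.
feature ignore_unknown_macro

#REQUIRE_VERSION=2.4
#REQUIRE_OPTIONS=OPENSSL
# socat is used further down to push a multi-line certificate payload to the
# stats socket; the test is skipped when it is not installed.
feature cmd "command -v socat"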
12
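# static server
# Clear-text origin behind the TLS listener. It accepts up to three
# connections and answers each request with the same fixed body, which the
# client blocks compare against.
server s1 -repeat 3 {
    rxreq
    txresp \
        -body "resp from s1"
} -start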
19
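# HAProxy instance under test: an HTTP frontend, a backend whose three servers
# all present client1.pem as their TLS client certificate, and a local TLS
# listener that forwards to the static server.
haproxy h1 -conf {
    global
        # The later disable/del/add server and set/commit ssl cert commands
        # need an admin-level CLI. The socket is a UNIX socket inside the
        # per-test temporary directory; an admin-level stats socket in a real
        # deployment needs restrictive filesystem permissions.
        stats socket "${tmpdir}/h1/stats" level admin

    defaults
        mode http
        option httpclose
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server "${HAPROXY_TEST_TIMEOUT-5s}"

    frontend fe
        bind "fd@${feS}"
        default_backend test

    backend test
        # Test-only setting: verify none turns off validation of the
        # certificate presented by the listener, so these connections are
        # encrypted but not authenticated. Do not copy it into a production
        # server line. The crt option makes each server offer client1.pem as
        # its client certificate, which ties the certificate to the servers.
        server s1 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
        server s2 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
        server s3 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"


    listen ssl-lst
        # NOTE(review): this bind line sets neither verify nor ca-file, so the
        # listener does not appear to validate the client certificate. That is
        # presumably why requests still succeed after client1.pem is replaced
        # by an expired certificate; this test checks certificate bookkeeping,
        # not rejection of expired certificates.
        bind "${tmpdir}/ssl.sock" ssl crt "${testdir}/common.pem"
        server s1 ${s1_addr}:${s1_port}

} -start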
46
47
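# Baseline: the certificate loaded under the client1.pem name is the original
# one. The SHA1 fingerprint printed by show ssl cert is used here only to tell
# which certificate is loaded; it is not a trust decision.
haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
}
# One request through the frontend, the backend servers and the TLS listener
# proves the chain works before anything is changed.
client c1 -connect ${h1_feS_sock} {
    txreq
    rxresp
    expect resp.body == "resp from s1"
} -run

# Serving traffic must not have changed the loaded certificate.
haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
}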
62
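## delete the servers
# After this block no server references client1.pem any more.
haproxy h1 -cli {
    # A server is put into maintenance before it is deleted. The pattern .*
    # matches any reply, so these three steps only consume the output; the
    # del server replies below are the ones actually asserted.
    send "disable server test/s1"
    expect ~ ".*"
    send "disable server test/s2"
    expect ~ ".*"
    send "disable server test/s3"
    expect ~ ".*"

    # valid command
    send "del server test/s1"
    expect ~ "Server deleted."
    send "del server test/s2"
    expect ~ "Server deleted."
    send "del server test/s3"
    expect ~ "Server deleted."
}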
80
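# Replace certificate with an expired one
# The update is a two-step CLI transaction: set ssl cert stages the new PEM as
# a multi-line payload terminated by an empty line, and commit ssl cert makes
# it live.
shell {
    # The path and the PEM contents are passed as printf arguments instead of
    # being spliced into the format string, so a percent sign or backslash in
    # either one cannot be interpreted as a format directive. The paths are
    # quoted so a test directory containing spaces is not split into words.
    printf "set ssl cert %s <<\n%s\n\n" "${testdir}/client1.pem" "$(cat "${testdir}/client2_expired.pem")" | socat "${tmpdir}/h1/stats" -
    # NOTE(review): the exit status of this step presumably reflects socat
    # only, not whether the CLI accepted the commands; the fingerprint check
    # that follows is what confirms the swap took effect.
    echo "commit ssl cert ${testdir}/client1.pem" | socat "${tmpdir}/h1/stats" -
}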
86
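# The entry keeps the client1.pem name but must now hold the replacement
# certificate, identified by its different SHA1 fingerprint.
haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*SHA1 FingerPrint: C625EB01A0A660294B9D7F44C5CEEE5AFC495BE4"
}

# With all three servers deleted nothing references the certificate, so it
# must be reported as unused. A stale reference left behind by a deleted
# server is the bug this regression test guards against.
haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*Status: Unused"
}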
96
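# Re-create one server at runtime that points at the updated certificate and
# check that the certificate is tracked as used again.
haproxy h1 -cli {
    # Same test-only verify none setting as the static server lines.
    send "add server test/s1 ${tmpdir}/ssl.sock ssl verify none crt ${testdir}/client1.pem"
    expect ~ "New server registered."
    # The server only receives traffic after this explicit enable step; the
    # reply is consumed without being checked.
    send "enable server test/s1"
    expect ~ ".*"
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*Status: Used"
}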
105
106
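# check that servers are active
# End-to-end check through the dynamically added server, which now presents
# the replaced certificate on its TLS connection to the listener.
client c1 -connect ${h1_feS_sock} {
    txreq
    rxresp
    expect resp.body == "resp from s1"
} -run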
113