From da76459dc21b5af2449af2d36eb95226cb186ce2 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:35:11 +0200
Subject: Adding upstream version 2.6.12.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 reg-tests/checks/tls_health_checks.vtc | 118 +++++++++++++++++++++++++++++++++
 1 file changed, 118 insertions(+)
 create mode 100644 reg-tests/checks/tls_health_checks.vtc

(limited to 'reg-tests/checks/tls_health_checks.vtc')

diff --git a/reg-tests/checks/tls_health_checks.vtc b/reg-tests/checks/tls_health_checks.vtc
new file mode 100644
index 0000000..1989d65
--- /dev/null
+++ b/reg-tests/checks/tls_health_checks.vtc
@@ -0,0 +1,118 @@
+varnishtest "Health-check test over TLS/SSL"
+#REQUIRE_OPTIONS=OPENSSL
+#REGTEST_TYPE=slow
+feature ignore_unknown_macro
+
+
+# This script tests health-checks for a TLS/SSL backend with "option httpchk"
+# and "check-ssl" option enabled attached to h2 haproxy process. This haproxy
+# h2 process is chained to h1 other one.
+#
+server s1 {
+    rxreq
+    expect req.method == OPTIONS
+    expect req.url == *
+    expect req.proto == HTTP/1.1
+    txresp
+} -start
+
+server s2 {
+} -start
+
+server s3 {
+    rxreq
+    expect req.method == OPTIONS
+    expect req.url == *
+    expect req.proto == HTTP/1.1
+    txresp
+} -start
+
+syslog S1 -level notice {
+    recv info
+    expect ~ "[^:\\[ ]\\[${h1_pid}\\]: .* fe1~ be1/srv1 .* 200 [[:digit:]]+ - - ---- .* \"OPTIONS \\* HTTP/1.1\""
+} -start
+
+haproxy h1 -conf {
+    global
+        tune.ssl.default-dh-param 2048
+
+    defaults
+        mode http
+        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+
+    backend be1
+        server srv1 ${s1_addr}:${s1_port}
+
+    backend be2
+        server srv2 ${s2_addr}:${s2_port}
+
+    backend be3
+        server srv3 ${s3_addr}:${s3_port}
+
+    frontend fe1
+        option httplog
+        log ${S1_addr}:${S1_port} len 2048 local0 debug err
+        bind "fd@${fe1}" ssl crt ${testdir}/common.pem
+        use_backend be1
+
+    frontend fe2
+        option tcplog
+        bind "fd@${fe2}" ssl crt ${testdir}/common.pem
+        use_backend be2
+
+    frontend fe3
+        option httplog
+        bind "fd@${fe3}" ssl crt ${testdir}/common.pem
+        use_backend be3
+} -start
+
+syslog S2 -level notice {
+    recv
+    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be2/srv1 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
+} -start
+
+syslog S4 -level notice {
+    recv
+    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be4/srv2 succeeded, reason: Layer6 check passed.+check duration: [[:digit:]]+ms, status: 1/1 UP."
+} -start
+
+syslog S6 -level notice {
+    recv
+    expect ~ "[^:\\[ ]\\[${h2_pid}\\]: Health check for server be6/srv3 succeeded, reason: Layer7 check passed.+code: 200.+check duration: [[:digit:]]+ms, status: 1/1 UP."
+} -start
+
+haproxy h2 -conf {
+    global
+        tune.ssl.default-dh-param 2048
+
+    defaults
+        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+        default-server downinter 1s inter 500 rise 1 fall 1
+
+    backend be2
+        option log-health-checks
+        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
+        log ${S2_addr}:${S2_port} daemon
+        server srv1 ${h1_fe1_addr}:${h1_fe1_port} ssl crt ${testdir}/common.pem verify none check
+
+    backend be4
+        option log-health-checks
+        log ${S4_addr}:${S4_port} daemon
+        server srv2 ${h1_fe2_addr}:${h1_fe2_port} ssl crt ${testdir}/common.pem verify none check-ssl check
+
+    backend be6
+        option log-health-checks
+        option httpchk OPTIONS * HTTP/1.1\r\nHost:\ www
+        log ${S6_addr}:${S6_port} daemon
+        server srv3 127.0.0.1:80 crt ${testdir}/common.pem verify none check check-ssl port ${h1_fe3_port} addr ${h1_fe3_addr}:80
+} -start
+
+syslog S1 -wait
+
+syslog S2 -wait
+syslog S4 -wait
+syslog S6 -wait
-- 
cgit v1.2.3