From da76459dc21b5af2449af2d36eb95226cb186ce2 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:35:11 +0200
Subject: Adding upstream version 2.6.12.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 reg-tests/server/cli_add_ssl_server.vtc | 110 ++++++++++++++++++++++++++++++++
 1 file changed, 110 insertions(+)
 create mode 100644 reg-tests/server/cli_add_ssl_server.vtc

(limited to 'reg-tests/server/cli_add_ssl_server.vtc')

diff --git a/reg-tests/server/cli_add_ssl_server.vtc b/reg-tests/server/cli_add_ssl_server.vtc
new file mode 100644
index 0000000..95caf3f
--- /dev/null
+++ b/reg-tests/server/cli_add_ssl_server.vtc
@@ -0,0 +1,110 @@
+varnishtest "Add server via cli with SSL activated"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
+feature cmd "command -v socat"
+feature ignore_unknown_macro
+
+barrier b1 cond 2 -cyclic
+
+syslog S1 -level notice {
+	recv
+	expect ~ ".*Server li-ssl/s1 is UP/READY \\(leaving forced maintenance\\)."
+	recv
+	expect ~ ".*Server li-ssl/s2 is UP/READY \\(leaving forced maintenance\\)."
+	recv
+	expect ~ "Health check for server li-ssl/s2 failed"
+
+	barrier b1 sync
+
+	recv
+	expect ~ ".*Server li-ssl/s3 is UP/READY \\(leaving forced maintenance\\)."
+	recv
+	expect ~ "Health check for server li-ssl/s3 succeeded."
+} -start
+
+haproxy h1 -conf {
+	global
+		stats socket "${tmpdir}/h1/stats" level admin
+
+	defaults
+		mode http
+		timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+		timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+		option log-health-checks
+		option httpchk GET /
+
+	# proxy to attach a ssl server
+	listen li-ssl
+		bind "fd@${feSsl}"
+		balance random
+		log ${S1_addr}:${S1_port} daemon
+
+	# frontend used to respond to ssl connection
+	frontend fe-ssl-term
+		bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem
+		http-request return status 200
+} -start
+
+### SSL SUPPORT
+# 1. first create a ca-file using CLI
+# 2. create an SSL server and use it
+
+client c1 -connect ${h1_feSsl_sock} {
+	txreq
+	rxresp
+	expect resp.status == 503
+} -run
+
+shell {
+	echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
+	printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" -
+	echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" -
+} -run
+
+haproxy h1 -cli {
+    send "show ssl ca-file common.pem"
+    expect ~ ".*SHA1 FingerPrint: 9A6418E498C43EDBCF5DD3C4C6FCD1EE0D7A946D"
+}
+
+haproxy h1 -cli {
+	# non existent backend
+	send "add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none"
+	expect ~ "New server registered."
+
+	send "enable server li-ssl/s1"
+	expect ~ ".*"
+}
+
+client c2 -connect ${h1_feSsl_sock} {
+	txreq
+	rxresp
+	expect resp.status == 200
+} -run
+
+# test interaction between SSL and checks for dynamic servers
+haproxy h1 -cli {
+	# no explicit check-ssl
+	# The health check should failed.
+	send "add server li-ssl/s2 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check"
+	expect ~ "New server registered."
+
+	send "enable server li-ssl/s2"
+	expect ~ ".*"
+	send "enable health li-ssl/s2"
+	expect ~ ".*"
+
+	barrier b1 sync
+
+	# explicit check-ssl : health check should succeeded
+	send "add server li-ssl/s3 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check check-ssl"
+	expect ~ "New server registered."
+
+	send "enable server li-ssl/s3"
+	expect ~ ".*"
+	send "enable health li-ssl/s3"
+	expect ~ ".*"
+}
+
+syslog S1 -wait
-- 
cgit v1.2.3