summaryrefslogtreecommitdiffstats
path: root/reg-tests/ssl/ssl_curves.vtc
blob: 5cc70df1449069d96d8a3806fb8ebb2b1b0ba74d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#REGTEST_TYPE=devel

# This reg-test checks the behaviour of the 'curves' and 'ecdhe' options on a
# bind line.  Its main point is to ensure that the default curve used in
# HAProxy is indeed prime256v1 (or P-256 depending on the curve's
# representation). In order to check this, is uses two ssl frontends that have
# different lists of accepted curves, one of them accepting this default curve
# while the other one does not. A backend tries to connect to those two
# frontends by using the default curve, and it should succeed in one case and
# fail in the other.
# For some strange reason, OpenSSL 1.0.2 does not behave the same way as later
# versions when it comes to ECDH and curves related matters. Instead of trying
# to make it work the same way as the other (more used) versions, we will
# ignore it and disable this test on OpenSSL 1.0.2.
# For the same reason, this test is disabled for other SSL libraries as well.
#

varnishtest "Test the 'curves' and 'ecdhe' options and default curve value"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"
feature ignore_unknown_macro

server s1 -repeat 2 {
  rxreq
  txresp
} -start

barrier b1 cond 2 -cyclic

syslog Slg_cust_fmt -level info {
    recv
    expect ~ "ERROR.*conn_status:\"34:SSL handshake failure\" hsk_err:\".*wrong curve\".*"

    barrier b1 sync

    recv
    expect ~ "ERROR ECDHE.*conn_status:\"34:SSL handshake failure\" hsk_err:\".*wrong curve\".*"
} -start


haproxy h1 -conf {
    global
        tune.ssl.default-dh-param 2048

    defaults
        mode http
        option httpslog
        log stderr local0 debug err
        option logasap
        timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
        timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
        retries 0

    listen clear-lst
        bind "fd@${clearlst}"

        use_backend ssl-curves-be if { path /curves }
        use_backend ssl-ecdhe-521-be if { path /ecdhe-521 }
        use_backend ssl-ecdhe-256-be if { path /ecdhe-256 }
        default_backend ssl-be

    backend ssl-be
        server s1 "${tmpdir}/ssl1.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12

    backend ssl-curves-be
        server s1 "${tmpdir}/ssl2.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12

    backend ssl-ecdhe-256-be
        server s1 "${tmpdir}/ssl-ecdhe-256.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12

    backend ssl-ecdhe-521-be
        server s1 "${tmpdir}/ssl-ecdhe-521.sock" ssl verify none crt ${testdir}/client.ecdsa.pem force-tlsv12


    listen ssl1-lst
        bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves P-256:P-384
        server s1 ${s1_addr}:${s1_port}

    # The prime256v1 curve, which is used by default by a backend when no
    # 'curves' or 'ecdhe' option is specified, is not allowed on this listener
    listen ssl2-lst
        log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
        error-log-format "ERROR conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"

        bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional curves P-384
        server s1 ${s1_addr}:${s1_port}

    listen ssl-ecdhe-521-lst
        log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
        error-log-format "ERROR ECDHE-521 conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"

        bind "${tmpdir}/ssl-ecdhe-521.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe secp521r1
        server s1 ${s1_addr}:${s1_port}

    listen ssl-ecdhe-256-lst
        log ${Slg_cust_fmt_addr}:${Slg_cust_fmt_port} local0
        error-log-format "ERROR ECDHE-256 conn_status:\"%[fc_err]:%[fc_err_str]\" hsk_err:%{+Q}[ssl_fc_err_str]"

        bind "${tmpdir}/ssl-ecdhe-256.sock" ssl crt ${testdir}/common.pem ca-file ${testdir}/set_cafile_rootCA.crt verify optional ecdhe prime256v1
        server s1 ${s1_addr}:${s1_port}

} -start

client c1 -connect ${h1_clearlst_sock} {
  txreq
  rxresp
  expect resp.status == 200
} -run

# The backend tries to use the prime256v1 curve that is not accepted by the
# frontend so the handshake should fail.
client c2 -connect ${h1_clearlst_sock} {
  txreq -url "/curves"
  rxresp
  expect resp.status == 503
} -run

barrier b1 sync

# The backend tries to use the prime256v1 curve that is not accepted by the
# frontend so the handshake should fail.
client c3 -connect ${h1_clearlst_sock} {
  txreq -url "/ecdhe-521"
  rxresp
  expect resp.status == 503
} -run

client c4 -connect ${h1_clearlst_sock} {
  txreq -url "/ecdhe-256"
  rxresp
  expect resp.status == 200
} -run

syslog Slg_cust_fmt -wait