Adding upstream version 2.9.5.upstream/2.9.5

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 37 insertions, 0 deletions

diff --git a/tests/conf/test-inspect-ssl.cfg b/tests/conf/test-inspect-ssl.cfg
new file mode 100644
index 0000000..582d1a2
--- /dev/null
+++ b/tests/conf/test-inspect-ssl.cfg
@@ -0,0 +1,37 @@
+# This is a test configuration. It listens on port 8443, waits for an incoming
+# connection, and applies the following rules :
+#   - if the address is in the white list, then accept it and forward the
+#     connection to the server (local port 443)
+#   - if the address is in the black list, then immediately drop it
+#   - otherwise, wait up to 3 seconds for valid SSL data to come in. If those
+#     data are identified as SSL, the connection is immediately accepted, and
+#     if they are definitely identified as non-SSL, the connection is rejected,
+#     which will happen upon timeout if they still don't match SSL.
+
+listen block-non-ssl
+	log 127.0.0.1:514 local0
+	option tcplog
+
+	mode tcp
+	bind :8443
+	timeout  client 6s
+	timeout  server 6s
+	timeout connect 6s
+
+	tcp-request inspect-delay 4s
+
+	acl white_list src 127.0.0.2
+	acl black_list src 127.0.0.3
+
+	# note: SSLv2 is not used anymore, SSLv3.1 is TLSv1.
+	acl obsolete_ssl  req_ssl_ver   lt 3
+	acl correct_ssl   req_ssl_ver   3.0-3.1
+	acl invalid_ssl   req_ssl_ver   gt 3.1
+
+	tcp-request content accept if white_list
+	tcp-request content reject if black_list
+	tcp-request content reject if !correct_ssl
+
+	balance roundrobin
+	server srv1 127.0.0.1:443
+