author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:18:05 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:18:05 +0000 |
commit | b46aad6df449445a9fc4aa7b32bd40005438e3f7 (patch) | |
tree | 751aa858ca01f35de800164516b298887382919d /tests/conf/test-srv-verify.cfg | |
parent | Initial commit. (diff) | |
Adding upstream version 2.9.5.upstream/2.9.5
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/conf/test-srv-verify.cfg')
-rw-r--r-- | tests/conf/test-srv-verify.cfg | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/tests/conf/test-srv-verify.cfg b/tests/conf/test-srv-verify.cfg
new file mode 100644
index 0000000..e3ccc83
--- /dev/null
+++ b/tests/conf/test-srv-verify.cfg
@@ -0,0 +1,57 @@
+global
+ maxconn 490
+ stats socket /tmp/sock1 mode 666 level admin
+ stats timeout 10m
+ ssl-server-verify none
+ tune.ssl.default-dh-param 1024
+ log /dev/log local0 debug info
+
+defaults
+ mode http
+ log global
+ option httplog
+ option dontlognull
+ timeout connect 5s
+ timeout http-keep-alive 15s
+ timeout http-request 15s
+ timeout queue 30s
+ timeout tarpit 1m
+ timeout tunnel 300s
+ timeout client 30s
+ timeout server 60s
+
+listen 1
+ bind :8001
+
+ # passes checks and traffic (no hostname check)
+ # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem
+
+ # passes checks and traffic (localhost is what the server presents)
+ # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem verifyhost localhost
+
+ # fails checks and traffic (foo not matched on the server)
+ # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem verifyhost foo
+
+ # passes checks and traffic (verify none ignores the host)
+ # server ssl 127.0.0.1:8443 ssl verify none check inter 500 ca-file rsa2048.pem verifyhost foo
+
+ # passes checks and traffic (localhost is fine)
+ # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni str(localhost) verifyhost localhost
+
+ # passes checks and traffic (verifyhost overrides sni)
+ # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni str(foo) verifyhost localhost
+
+ # passes checks and traffic (localhost always valid)
+ # server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni str(localhost)
+
+ # passes checks, and traffic without host or with "host: localhost" and fails other hosts.
+ server ssl 127.0.0.1:8443 ssl verify required check inter 500 ca-file rsa2048.pem sni req.hdr(host)
+
+ # just for tests
+ #server clear 127.0.0.1:8480
+
+listen 2
+ bind :8480
+ bind :8443 ssl crt rsa2048.pem
+ stats uri /
+ |
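Review bot: The `global` section has no comment marking its settings as test-only, yet `stats socket /tmp/sock1 mode 666 level admin` opens an admin-level runtime socket under /tmp that any local account can write to. On a shared build or CI host that is a wider grant than the server-verification test needs, so I would tighten it to `stats socket /tmp/sock1 mode 600 level admin` unless another test user really has to reach it. The same section sets `ssl-server-verify none` and `tune.ssl.default-dh-param 1024`; the active `server` line overrides the former with an explicit `verify required`, but a reader copying the globals elsewhere would inherit a no-verification default and a weak DH size. A header comment such as `# test fixture only: permissive stats socket, verification default off, 1024-bit DH; do not reuse these globals` above `global` would make that explicit.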