Diffstat (limited to 'reg-tests/connection/reverse_server_name.vtc')
-rw-r--r-- | reg-tests/connection/reverse_server_name.vtc | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/reg-tests/connection/reverse_server_name.vtc b/reg-tests/connection/reverse_server_name.vtc
new file mode 100644
index 0000000..0fd850f
--- /dev/null
+++ b/reg-tests/connection/reverse_server_name.vtc
@@ -0,0 +1,87 @@
+varnishtest "Reverse server with a name parameter test"
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
+feature ignore_unknown_macro
+
+#REQUIRE_VERSION=2.9
+
+barrier b1 cond 2
+
+haproxy h_edge -conf {
+global
+ expose-experimental-directives
+
+defaults
+ log global
+ timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+ mode http
+
+frontend pub
+ bind "fd@${pub}"
+ use_backend be-reverse
+
+backend be-reverse
+ server dev rhttp@ ssl sni hdr(x-name) verify none
+
+frontend priv
+ bind "fd@${priv}" ssl crt ${testdir}/common.pem verify required ca-verify-file ${testdir}/ca-auth.crt alpn h2
+ tcp-request session attach-srv be-reverse/dev name ssl_c_s_dn(CN)
+} -start
+
+# Simple clear <-> SSL bridge between clients and h_edge haproxy
+# Used certificate has the name "client1"
+haproxy h_ssl_bridge -conf {
+defaults
+ log global
+ timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
+ timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
+ mode tcp
+
+listen li
+ bind "fd@${li}"
+ server h_edge "${h_edge_priv_addr}:${h_edge_priv_port}" ssl crt ${testdir}/client1.pem verify none alpn h2
+} -start
+
+# Run a client through private endpoint
+# Connection will be attached to the reverse server
+client c_dev -connect ${h_ssl_bridge_li_sock} {
+ txpri
+
+ stream 0 {
+ txsettings
+ rxsettings
+ txsettings -ack
+ rxsettings
+ expect settings.ack == true
+ } -run
+
+ barrier b1 sync
+ stream 1 {
+ rxhdrs
+ } -run
+
+ sendhex "000004 01 05 00000001 88 5c 01 30"
+} -start
+
+# Wait for dev client to be ready to process connection
+barrier b1 sync
+
+# Run a client through public endpoint
+# Use a different name than the client certificate thus resulting in a 503
+client c1 -connect ${h_edge_pub_sock} {
+ txreq -url "/" \
+ -hdr "x-name: client99"
+ rxresp
+ expect resp.status == 503
+} -run
+
+# Run a client through public endpoint
+# Use the correct name
+client c2 -connect ${h_edge_pub_sock} {
+ txreq -url "/" \
+ -hdr "x-name: client1"
+ rxresp
+ expect resp.status == 200
+} -run |
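Review bot: The two public-side clients cover a wrong `x-name` (c1, 503) and the right one (c2, 200), but no request is sent without an `x-name` header, so the test does not pin what `sni hdr(x-name)` does when it evaluates to nothing against a connection attached under `ssl_c_s_dn(CN)`. Since the name is the only thing separating one attached peer from another, I would add that case ahead of c2; the 503 below is the outcome I would expect and should be confirmed against the intended behaviour. Separately, the `sendhex` line in c_dev deserves a comment such as `# HEADERS on stream 1, END_STREAM|END_HEADERS: ":status 200", "content-length: 0"`, and the `priv` bind could note that `verify required` is what makes the certificate CN usable as the attach name.

```vtc
# ... unchanged: h_edge, h_ssl_bridge, c_dev, barrier sync, client c1 ...

# Run a client through public endpoint
# Send no x-name header at all: the named connection must not be reused
# (expected status to be confirmed)
client c0 -connect ${h_edge_pub_sock} {
    txreq -url "/"
    rxresp
    expect resp.status == 503
} -run

# ... unchanged: client c2 with the correct name ...
```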