diff options
Diffstat (limited to 'reg-tests/server/cli_add_ssl_server.vtc')
| -rw-r--r-- | reg-tests/server/cli_add_ssl_server.vtc | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/reg-tests/server/cli_add_ssl_server.vtc b/reg-tests/server/cli_add_ssl_server.vtc new file mode 100644 index 0000000..48faee1 --- /dev/null +++ b/reg-tests/server/cli_add_ssl_server.vtc @@ -0,0 +1,110 @@ +varnishtest "Add server via cli with SSL activated" + +feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'" +feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'" +feature cmd "command -v socat" +feature ignore_unknown_macro + +barrier b1 cond 2 -cyclic + +syslog S1 -level notice { + recv + expect ~ ".*Server li-ssl/s1 is UP/READY \\(leaving forced maintenance\\)." + recv + expect ~ ".*Server li-ssl/s2 is UP/READY \\(leaving forced maintenance\\)." + recv + expect ~ "Health check for server li-ssl/s2 failed" + + barrier b1 sync + + recv + expect ~ ".*Server li-ssl/s3 is UP/READY \\(leaving forced maintenance\\)." + recv + expect ~ "Health check for server li-ssl/s3 succeeded." +} -start + +haproxy h1 -conf { + global + stats socket "${tmpdir}/h1/stats" level admin + + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + option log-health-checks + option httpchk GET / + + # proxy to attach a ssl server + listen li-ssl + bind "fd@${feSsl}" + balance random + log ${S1_addr}:${S1_port} daemon + + # frontend used to respond to ssl connection + frontend fe-ssl-term + bind "fd@${feSslTerm}" ssl crt ${testdir}/common.pem + http-request return status 200 +} -start + +### SSL SUPPORT +# 1. first create a ca-file using CLI +# 2. create an SSL server and use it + +client c1 -connect ${h1_feSsl_sock} { + txreq + rxresp + expect resp.status == 503 +} -run + +shell { + echo "new ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" - + printf "set ssl ca-file common.pem <<\n$(cat ${testdir}/common.pem)\n\n" | socat "${tmpdir}/h1/stats" - + echo "commit ssl ca-file common.pem" | socat "${tmpdir}/h1/stats" - +} -run + +haproxy h1 -cli { + send "show ssl ca-file common.pem" + expect ~ ".*SHA1 FingerPrint: DF3B6E847A7BF83DFAAFCFEC65EE9BC36230D3EA" +} + +haproxy h1 -cli { + # non existent backend + send "add server li-ssl/s1 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl ca-file common.pem verify none" + expect ~ "New server registered." + + send "enable server li-ssl/s1" + expect ~ ".*" +} + +client c2 -connect ${h1_feSsl_sock} { + txreq + rxresp + expect resp.status == 200 +} -run + +# test interaction between SSL and checks for dynamic servers +haproxy h1 -cli { + # no explicit check-ssl + # The health check should failed. + send "add server li-ssl/s2 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check" + expect ~ "New server registered." + + send "enable server li-ssl/s2" + expect ~ ".*" + send "enable health li-ssl/s2" + expect ~ ".*" + + barrier b1 sync + + # explicit check-ssl : health check should succeeded + send "add server li-ssl/s3 ${h1_feSslTerm_addr}:${h1_feSslTerm_port} ssl verify none check check-ssl" + expect ~ "New server registered." + + send "enable server li-ssl/s3" + expect ~ ".*" + send "enable health li-ssl/s3" + expect ~ ".*" +} + +syslog S1 -wait |