summaryrefslogtreecommitdiffstats
path: root/reg-tests/connection/reverse_server_name.vtc
blob: 3a246017433eda30f9942b0902b711fb783d3305 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
varnishtest "Reverse server with a name parameter test"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL)'"
feature ignore_unknown_macro

feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.9-dev0)'"

barrier b1 cond 2

haproxy h_edge -conf {
global
	expose-experimental-directives

defaults
	log global
	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
	timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
	timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
	mode http

frontend pub
	bind "fd@${pub}"
	use_backend be-reverse

backend be-reverse
	server dev rhttp@ ssl sni hdr(x-name) verify none

frontend priv
	bind "fd@${priv}" ssl crt ${testdir}/common.pem verify required ca-verify-file ${testdir}/ca-auth.crt alpn h2
	tcp-request session attach-srv be-reverse/dev name ssl_c_s_dn(CN)
} -start

# Simple clear <-> SSL bridge between clients and h_edge haproxy
# Used certificate has the name "client1"
haproxy h_ssl_bridge -conf {
defaults
	log global
	timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
	timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
	timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
	mode tcp

listen li
	bind "fd@${li}"
	server h_edge "${h_edge_priv_addr}:${h_edge_priv_port}" ssl crt ${testdir}/client1.pem verify none alpn h2
} -start

# Run a client through private endpoint
# Connection will be attached to the reverse server
client c_dev -connect ${h_ssl_bridge_li_sock} {
	txpri

	stream 0 {
		txsettings
		rxsettings
		txsettings -ack
		rxsettings
		expect settings.ack == true
	} -run

	barrier b1 sync
	stream 1 {
		rxhdrs
	} -run

	sendhex "000004 01 05 00000001 88 5c 01 30"
} -start

# Wait for dev client to be ready to process connection
barrier b1 sync

# Run a client through public endpoint
# Use a different name than the client certificate thus resulting in a 503
client c1 -connect ${h_edge_pub_sock} {
	txreq -url "/" \
	      -hdr "x-name: client99"
	rxresp
	expect resp.status == 503
} -run

# Run a client through public endpoint
# Use the correct name
client c2 -connect ${h_edge_pub_sock} {
	txreq -url "/" \
	      -hdr "x-name: client1"
	rxresp
	expect resp.status == 200
} -run