summaryrefslogtreecommitdiffstats
path: root/reg-tests/ssl/dynamic_server_ssl.vtc
blob: b7730f558350696480066b3e343eef021c0cbcbf (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#REGTEST_TYPE=bug
# Test if a certificate can be dynamically updated once a server which used it
# was removed.
#
varnishtest "Delete server via cli and update certificates"

feature ignore_unknown_macro

#REQUIRE_VERSION=2.4
#REQUIRE_OPTIONS=OPENSSL
feature cmd "command -v socat"

# static server
server s1 -repeat 3 {
	rxreq
	txresp \
	  -body "resp from s1"
} -start

haproxy h1 -conf {
	global
		stats socket "${tmpdir}/h1/stats" level admin

	defaults
		mode http
		option httpclose
		timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
		timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
		timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"

	frontend fe
		bind "fd@${feS}"
		default_backend test

	backend test
		server s1 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
		server s2 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
		server s3 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"


	listen ssl-lst
		bind "${tmpdir}/ssl.sock" ssl crt "${testdir}/common.pem"
		server s1 ${s1_addr}:${s1_port}

} -start


haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
}
client c1 -connect ${h1_feS_sock} {
	txreq
	rxresp
	expect resp.body == "resp from s1"
} -run

haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
}

## delete the  servers
haproxy h1 -cli {
	send "disable server test/s1"
	expect ~ ".*"
	send "disable server test/s2"
	expect ~ ".*"
	send "disable server test/s3"
	expect ~ ".*"

	# valid command
	send "del server test/s1"
	expect ~ "Server deleted."
	send "del server test/s2"
	expect ~ "Server deleted."
	send "del server test/s3"
	expect ~ "Server deleted."
}

# Replace certificate with an expired one
shell {
    printf "set ssl cert ${testdir}/client1.pem <<\n$(cat ${testdir}/client2_expired.pem)\n\n" | socat "${tmpdir}/h1/stats" -
    echo "commit ssl cert ${testdir}/client1.pem" | socat "${tmpdir}/h1/stats" -
}

haproxy h1 -cli {
    send "show ssl cert ${testdir}/client1.pem"
    expect ~ ".*SHA1 FingerPrint: C625EB01A0A660294B9D7F44C5CEEE5AFC495BE4"
}

haproxy h1 -cli {
	send "show ssl cert ${testdir}/client1.pem"
	expect ~ ".*Status: Unused"
}

haproxy h1 -cli {
	send "add server test/s1 ${tmpdir}/ssl.sock ssl verify none crt ${testdir}/client1.pem"
	expect ~ "New server registered."
	send "enable server test/s1"
	expect ~ ".*"
	send "show ssl cert ${testdir}/client1.pem"
	expect ~ ".*Status: Used"
}


# check that servers are active
client c1 -connect ${h1_feS_sock} {
	txreq
	rxresp
	expect resp.body == "resp from s1"
} -run