mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-05-04 12:41:00 +02:00
Code Issues Projects Releases Wiki Activity

REGTEST: quic: add ssl_reuse.vtc new QUIC test

Browse Source 
Note that this test does not work with OpenSSL 3.5.0 QUIC API because
the callback set by SSL_CTX_sess_set_new_cb() (ssl_sess_new_srv_cb()) is not
called (at least for QUIC clients)

The role of this new QUIC test is to run the same SSL/TCP test as
reg-tests/ssl/ssl_reuse.vtc but with QUIC connections where applicable (only with
TLSv1.3).

To do so, this QUIC test uses the "include" vtc command to run ssl/ssl_reuse.vtc
It also sets the VTC_SOCK_TYPE environment variable with the "setenv" command and
"quic" as value. This will ask vtest2 to use QUIC sockets for all "fd@{...}"
addresses prefixed by "${VTC_SOCK_TYPE}+" socket type if VTC_SOCK_TYPE value is "quic".

The SSL/TCP is modified to set this environment variable with "setenv -ifunset"
from ssl/ssl_reuse.vtc with "stream" as value, if it not already set.

vtest2 must be used with this patch to support this new QUIC test:
9aa4d498db

Thanks to this latter patch, vtest2 retrieves the VTC_SOCK_TYPE environment variable
value, then it parses the vtc file to retrieve all the fd addresses prefixed by
"${VTC_SOCK_TYPE}+" and creates a QUIC socket or a TCP socket depending on this
variable value.
This commit is contained in:
Frederic Lecaille 2025-10-17 16:30:18 +02:00
parent b3d6f44af8
commit 2f621aa52e
2 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
reg-tests/quic/ssl_reuse.vtc Normal file
View File

@ -0,0 +1,10 @@
#REGTEST_TYPE=devel
# Same test as ssl/ssl_reuse.vtc, but with QUIC connections where applicable (only for TLSv3)
varnishtest "Test if the SSL session/ticket reuse work correctly"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL) && openssl_version_before(3.5.0)'"
setenv VTC_SOCK_TYPE quic
include ${testdir}/../ssl/ssl_reuse.vtc

14
reg-tests/ssl/ssl_reuse.vtc
View File

@ -13,8 +13,14 @@ server s1 -repeat 84 {
txresp
} -start
setenv -ifunset VTC_SOCK_TYPE stream
haproxy h1 -conf {
global
.if streq("$VTC_SOCK_TYPE",quic)
# required for backend connections
expose-experimental-directives
.endif
.if feature(THREAD)
thread-groups 1
.endif
@ -45,19 +51,19 @@ haproxy h1 -conf {
listen clst3
bind "fd@${clst3}"
server s1 "${h1_fe3_addr}:${h1_fe3_port}" ssl verify none sni str(www.test1.com)
server s1 "${VTC_SOCK_TYPE}+${h1_fe3_addr}:${h1_fe3_port}" ssl verify none sni str(www.test1.com)
http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed]
listen clst4
bind "fd@${clst4}"
server s1 "${h1_fe4_addr}:${h1_fe4_port}" ssl verify none sni str(www.test1.com)
server s1 "${VTC_SOCK_TYPE}+${h1_fe4_addr}:${h1_fe4_port}" ssl verify none sni str(www.test1.com)
http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed]
listen ssl
bind "fd@${fe1}" ssl crt ${testdir}/common.pem ssl-max-ver TLSv1.2
bind "fd@${fe2}" ssl crt ${testdir}/common.pem ssl-max-ver TLSv1.2 no-tls-tickets
bind "fd@${fe3}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3
bind "fd@${fe4}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3 no-tls-tickets
bind "${VTC_SOCK_TYPE}+fd@${fe3}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3
bind "${VTC_SOCK_TYPE}+fd@${fe4}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3 no-tls-tickets
http-response add-header x-ssl-resumed %[ssl_fc_is_resumed]
server s1 ${s1_addr}:${s1_port}