REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC

This option is not available with AWS-LC and emits a warning, so let's properly enclose the test to cover this special case.
2026-01-19 00:51:37 +01:00 · 2024-11-19 09:26:12 +01:00 · 2024-11-19 09:26:12 +01:00 · efd745e22d
commit efd745e22d
parent d37610f43d
31 changed files with 80 additions and 0 deletions
--- a/reg-tests/checks/ssl-hello-check.vtc
+++ b/reg-tests/checks/ssl-hello-check.vtc
@ -24,7 +24,9 @@ syslog S3 -level notice {

 haproxy htst -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        mode tcp
--- a/reg-tests/checks/tcp-check-ssl.vtc
+++ b/reg-tests/checks/tcp-check-ssl.vtc
@ -29,7 +29,9 @@ syslog S4 -level notice {

 haproxy htst -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        mode tcp
--- a/reg-tests/checks/tls_health_checks.vtc
+++ b/reg-tests/checks/tls_health_checks.vtc
@ -34,7 +34,9 @@ syslog S1 -level notice {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        mode http
@ -83,7 +85,9 @@ syslog S6 -level notice {

 haproxy h2 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
--- a/reg-tests/connection/proxy_protocol_random_fail.vtc
+++ b/reg-tests/connection/proxy_protocol_random_fail.vtc
@ -24,7 +24,9 @@ syslog Slog_1 -repeat 8 -level info {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        log ${Slog_1_addr}:${Slog_1_port} len 2048 local0 debug err

    defaults
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@ -23,7 +23,9 @@ server s1 -repeat 24 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/add_ssl_crt-list.vtc
+++ b/reg-tests/ssl/add_ssl_crt-list.vtc
@ -22,7 +22,9 @@ server s1 -repeat 2 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        crt-base ${testdir}
        stats socket "${tmpdir}/h1/stats" level admin
--- a/reg-tests/ssl/del_ssl_crt-list.vtc
+++ b/reg-tests/ssl/del_ssl_crt-list.vtc
@ -20,7 +20,9 @@ server s1 -repeat 2 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        crt-base ${testdir}
        stats socket "${tmpdir}/h1/stats" level admin
--- a/reg-tests/ssl/new_del_ssl_cafile.vtc
+++ b/reg-tests/ssl/new_del_ssl_cafile.vtc
@ -21,7 +21,9 @@ server s1 -repeat 2 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        crt-base ${testdir}
--- a/reg-tests/ssl/new_del_ssl_crlfile.vtc
+++ b/reg-tests/ssl/new_del_ssl_crlfile.vtc
@ -21,7 +21,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        crt-base ${testdir}
--- a/reg-tests/ssl/ocsp_auto_update.vtc
+++ b/reg-tests/ssl/ocsp_auto_update.vtc
@ -47,7 +47,9 @@ feature ignore_unknown_macro

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        crt-base ${testdir}/ocsp_update
@ -115,7 +117,9 @@ syslog Syslog_ocsp -level notice {

 haproxy h2 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h2/stats" level admin
        crt-base ${testdir}/ocsp_update
@ -182,7 +186,9 @@ syslog Syslog_ocsp3 -level notice {

 haproxy h3 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h3/stats" level admin
        crt-base ${testdir}/ocsp_update
@ -254,7 +260,9 @@ syslog Syslog_ocsp4 -level notice {

 haproxy h4 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h4/stats" level admin
        crt-base ${testdir}/ocsp_update
@ -368,7 +376,9 @@ syslog Syslog_ocsp5 -level notice {

 haproxy h5 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h5/stats" level admin
        crt-base ${testdir}/ocsp_update
@ -450,7 +460,9 @@ syslog Syslog_ocsp6 -level notice {

 haproxy h6 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h6/stats" level admin
        crt-base ${testdir}
@ -526,7 +538,9 @@ syslog Syslog_ocsp7 -level notice {

 haproxy h7 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h7/stats" level admin
        crt-base ${testdir}
@ -589,7 +603,9 @@ process p7 -wait

 haproxy h8 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h8/stats" level admin
        crt-base ${testdir}/ocsp_update
@ -683,7 +699,9 @@ syslog Syslog_ocsp9 -level notice {

 haproxy h9 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h9/stats" level admin
        crt-base ${testdir}/ocsp_update
--- a/reg-tests/ssl/set_ssl_bug_2265.vtc
+++ b/reg-tests/ssl/set_ssl_bug_2265.vtc
@ -25,7 +25,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/set_ssl_cafile.vtc
+++ b/reg-tests/ssl/set_ssl_cafile.vtc
@ -27,7 +27,9 @@ server s1 -repeat 4 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/set_ssl_cert.vtc
+++ b/reg-tests/ssl/set_ssl_cert.vtc
@ -31,7 +31,9 @@ server s1 -repeat 9 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        crt-base ${testdir}
--- a/reg-tests/ssl/set_ssl_cert_bundle.vtc
+++ b/reg-tests/ssl/set_ssl_cert_bundle.vtc
@ -28,7 +28,9 @@ server s1 -repeat 9 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        crt-base ${testdir}
--- a/reg-tests/ssl/set_ssl_cert_noext.vtc
+++ b/reg-tests/ssl/set_ssl_cert_noext.vtc
@ -23,7 +23,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        ssl-load-extra-del-ext
        stats socket "${tmpdir}/h1/stats" level admin
--- a/reg-tests/ssl/set_ssl_crlfile.vtc
+++ b/reg-tests/ssl/set_ssl_crlfile.vtc
@ -30,7 +30,9 @@ server s1 -repeat 4 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/set_ssl_server_cert.vtc
+++ b/reg-tests/ssl/set_ssl_server_cert.vtc
@ -16,7 +16,9 @@ server s1 -repeat 4 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        nbthread 1
--- a/reg-tests/ssl/show_ssl_ocspresponse.vtc
+++ b/reg-tests/ssl/show_ssl_ocspresponse.vtc
@ -27,7 +27,9 @@ feature ignore_unknown_macro

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/ssl_alpn.vtc
+++ b/reg-tests/ssl/ssl_alpn.vtc
@ -11,7 +11,9 @@ feature ignore_unknown_macro

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        mode http
--- a/reg-tests/ssl/ssl_client_auth.vtc
+++ b/reg-tests/ssl/ssl_client_auth.vtc
@ -25,7 +25,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        mode http
--- a/reg-tests/ssl/ssl_client_samples.vtc
+++ b/reg-tests/ssl/ssl_client_samples.vtc
@ -12,7 +12,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        crt-base ${testdir}

--- a/reg-tests/ssl/ssl_crt-list_filters.vtc
+++ b/reg-tests/ssl/ssl_crt-list_filters.vtc
@ -16,7 +16,9 @@ server s1 -repeat 6 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        crt-base ${testdir}
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/ssl_curve_name.vtc
+++ b/reg-tests/ssl/ssl_curve_name.vtc
@ -11,7 +11,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        crt-base ${testdir}

--- a/reg-tests/ssl/ssl_curves.vtc
+++ b/reg-tests/ssl/ssl_curves.vtc
@ -39,7 +39,9 @@ syslog Slg_cust_fmt -level info {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif

    defaults
        mode http
--- a/reg-tests/ssl/ssl_default_server.vtc
+++ b/reg-tests/ssl/ssl_default_server.vtc
@ -22,7 +22,9 @@ server s1 -repeat 7 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
        crt-base ${testdir}
--- a/reg-tests/ssl/ssl_errors.vtc
+++ b/reg-tests/ssl/ssl_errors.vtc
@ -168,7 +168,9 @@ syslog Slg_bcknd_fe -level info {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        stats socket "${tmpdir}/h1/stats" level admin
    .if openssl_version_atleast(3.0.0)
--- a/reg-tests/ssl/ssl_frontend_samples.vtc
+++ b/reg-tests/ssl/ssl_frontend_samples.vtc
@ -11,7 +11,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        crt-base ${testdir}

--- a/reg-tests/ssl/ssl_generate_certificate.vtc
+++ b/reg-tests/ssl/ssl_generate_certificate.vtc
@ -27,7 +27,9 @@ server s1 -repeat 6 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 2048

    defaults
--- a/reg-tests/ssl/ssl_server_samples.vtc
+++ b/reg-tests/ssl/ssl_server_samples.vtc
@ -11,7 +11,9 @@ server s1 -repeat 3 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        tune.ssl.capture-buffer-size 1
        crt-base ${testdir}
        stats socket "${tmpdir}/h1/stats" level admin
--- a/reg-tests/ssl/ssl_simple_crt-list.vtc
+++ b/reg-tests/ssl/ssl_simple_crt-list.vtc
@ -12,7 +12,9 @@ server s1 -repeat 4 {

 haproxy h1 -conf {
    global
+    .if !ssllib_name_startswith(AWS-LC)
        tune.ssl.default-dh-param 2048
+    .endif
        crt-base ${testdir}
        stats socket "${tmpdir}/h1/stats" level admin

--- a/reg-tests/ssl/wrong_ctx_storage.vtc
+++ b/reg-tests/ssl/wrong_ctx_storage.vtc
@ -24,7 +24,9 @@ feature ignore_unknown_macro

 haproxy h1 -conf {
  global
+  .if !ssllib_name_startswith(AWS-LC)
    tune.ssl.default-dh-param 2048
+  .endif
    tune.ssl.capture-buffer-size 1

  defaults