mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-11-30 15:21:04 +01:00
These tests try all the combinations of {0,1}rtt <-> {0,1}rtt with
stateless and stateful tickets. They take into consideration the TLS
version to decide whether or not 0rtt should work. Since we cannot
use environment variables in the client, the tests are run in haproxy
itself where the frontends set a "x-early-rcvd-test" response header
that the client checks. At this stage, the test only verifies that
*some* early data were received.
Note that the tests are a bit complex because we need 4 listeners
for the various combinations of 0rtt/tickets, then we have to set
expectations based on the TLS version (1.2 vs 1.3), as well as the
session resumption status.
We have to set alpn on the server lines because currently our frontends
expect it for 0-rtt to work.
16 lines
704 B
Plaintext
#REGTEST_TYPE=devel

# This reg-test tests 8 scenarios with and without tickets, with various
# combinations of settings for allow-0rtt, with TLSv1.2. Each client will try
# to establish a connection, then try to reconnect 10 times resuming, and
# check for which combination(s) 0-rtt is used and fail if any does so since
# it's not expected to work with 1.2.

varnishtest "Test if the SSL session/ticket reuse works correctly for TLSv1.2"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL_WOLFSSL) || feature(OPENSSL) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1)'"

setenv VTC_SOCK_TYPE stream
setenv TLSV TLSv1.2
setenv ALPN http/1.1

include ${testdir}/../ssl/ssl-0rtt.vtci