mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-02 08:11:29 +01:00
Code Issues Projects Releases Wiki Activity
haproxy/reg-tests/ssl/issuers_chain_path.vtc
Frederic Lecaille 0839fb46db REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 
Move all these files and others for OCSP tests found into reg-tests/ssl
to reg-test/ssl/certs and adapt all the VTC files which use them.

This patch is needed by other tests which have to include the SSL tests.
Indeed, some VTC commands contain paths to these files which cannot
be customized with environment variables, depending on the location the VTC file
is runi from, because VTC does not resolve the environment variables. Only macros
as ${testdir} can be resolved.

For instance this command run from a VTC file from reg-tests/ssl directory cannot
be reused from another directory, except if we add a symbolic link for each certs,
key etc.

 haproxy h1 -cli {
   send "del ssl crt-list ${testdir}/localhost.crt-list ${testdir}/common.pem:1"
 }

This is not what we want. We add a symbolic link to reg-test/ssl/certs to the
directory and modify the command above as follows:

 haproxy h1 -cli {
   send "del ssl crt-list ${testdir}/certs/localhost.crt-list ${testdir}/certs/common.pem:1"
 }
2025-11-28 12:24:25 +01:00

45 lines
1.3 KiB
Plaintext
Raw Blame History

#REGTEST_TYPE=bug
# This reg-test checks if the 'issuers-chain-path' work correctly
#
varnishtest "Test the issuers-chain-path keyword"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.1.1)'"
feature cmd "command -v openssl && command -v socat"
feature ignore_unknown_macro
haproxy h1 -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
stats socket "${tmpdir}/h1/stats" level admin
issuers-chain-path "${testdir}/certs/issuers-chain-path/ca/"
crt-base "${testdir}/certs/issuers-chain-path"
defaults
mode http
option httplog
log stderr local0 debug err
option logasap
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
frontend ssl-fe
bind "${tmpdir}/ssl.sock" ssl crt server.pem
http-request return status 200
} -start
# We should have two distinct ocsp responses known that were loaded at build time
haproxy h1 -cli {
send "show ssl cert ${testdir}/certs/issuers-chain-path/server.pem"
expect ~ ".*Chain Filename.*"
send "show ssl cert ${testdir}/certs/issuers-chain-path/server.pem"
expect ~ ".*Chain Subject.*"
}
haproxy h1 -wait
Reference in New Issue View Git Blame Copy Permalink