mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-12-07 18:51:21 +01:00
797f4dfd89
ssl/ssl_client_auth.vtc was renamed to ssl/ssl_client_auth.vtci
to produce a common part runnable both for QUIC and TCP listeners.
Then ssl_client_auth.vtc files were created both under ssl and quic directories
to call this .vtci file with correct VTC_SOCK_TYPE environment values
("quic" for QUIC listeners and "stream" for TCP listeners);
24 lines
981 B
Plaintext
24 lines
981 B
Plaintext
#REGTEST_TYPE=devel
|
|
|
|
# This reg-test tests the client auth feature of HAProxy for both the backend
|
|
# and frontend section with a CRL list
|
|
#
|
|
# This reg-test uses 2 chained listeners because vtest does not handle the SSL.
|
|
# Test the frontend client auth and the backend side at the same time.
|
|
#
|
|
# The sends 3 requests one with a correct certificate, one with an expired one and one which was revoked.
|
|
# The client then check if we received the right one with the right error.
|
|
#
|
|
# Certificates, CA and CRL are expiring in 2050 so it should be fine for the CI.
|
|
#
|
|
# Detail about configuration is explained there:
|
|
# https://www.haproxy.com/blog/ssl-client-certificate-management-at-application-level/
|
|
|
|
varnishtest "Test the client auth"
|
|
|
|
# QUIC backend are not supported with USE_QUIC_OPENSSL_COMPAT
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL)'"
|
|
|
|
setenv VTC_SOCK_TYPE quic
|
|
include ${testdir}/../ssl/ssl_client_auth.vtci
|