mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-12-06 18:21:17 +01:00
6d219c51f9
Move all these files and others for OCSP tests found into reg-tests/ssl
to reg-test/ssl/certs and adapt all the VTC files which use them.
This patch is needed by other tests which have to include the SSL tests.
Indeed, some VTC commands contain paths to these files which cannot
be customized with environment variables, depending on the location the VTC file
is runi from, because VTC does not resolve the environment variables. Only macros
as ${testdir} can be resolved.
For instance this command run from a VTC file from reg-tests/ssl directory cannot
be reused from another directory, except if we add a symbolic link for each certs,
key etc.
haproxy h1 -cli {
send "del ssl crt-list ${testdir}/localhost.crt-list ${testdir}/common.pem:1"
}
This is not what we want. We add a symbolic link to reg-test/ssl/certs to the
directory and modify the command above as follows:
haproxy h1 -cli {
send "del ssl crt-list ${testdir}/certs/localhost.crt-list ${testdir}/certs/common.pem:1"
}
191 lines
5.2 KiB
Plaintext
191 lines
5.2 KiB
Plaintext
# This reg-test checks websocket support in regards with the server keyword
|
|
# 'ws'
|
|
|
|
varnishtest "h2 backend websocket management via server keyword"
|
|
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'"
|
|
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && !ssllib_name_startswith(wolfSSL)'"
|
|
feature ignore_unknown_macro
|
|
|
|
# haproxy server
|
|
haproxy hapsrv -conf {
|
|
global
|
|
.if feature(THREAD)
|
|
thread-groups 1
|
|
.endif
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
frontend fe
|
|
bind "fd@${fe}"
|
|
bind "fd@${fessl}" ssl crt ${testdir}/certs/common.pem alpn h2,http/1.1
|
|
capture request header sec-websocket-key len 128
|
|
http-request set-var(txn.ver) req.ver
|
|
use_backend be
|
|
|
|
backend be
|
|
# define websocket ACL
|
|
acl ws_handshake hdr(upgrade) -m str websocket
|
|
|
|
# handle non-ws streams
|
|
http-request return status 200 if !ws_handshake
|
|
|
|
# handle ws streams
|
|
#capture request header sec-websocket-key len 128
|
|
http-request return status 200 hdr connection upgrade hdr upgrade websocket hdr sec-websocket-accept "%[capture.req.hdr(0),concat(258EAFA5-E914-47DA-95CA-C5AB0DC85B11,,),sha1,base64]" if ws_handshake
|
|
http-after-response set-status 101 if { status eq 200 } { res.hdr(upgrade) -m str websocket }
|
|
http-after-response set-header x-backend-protocol "%[var(txn.ver)]"
|
|
} -start
|
|
|
|
# haproxy LB
|
|
haproxy hap -conf {
|
|
global
|
|
.if feature(THREAD)
|
|
thread-groups 1
|
|
.endif
|
|
|
|
defaults
|
|
mode http
|
|
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
|
|
|
|
# proto X ws h1 -> websocket on h1
|
|
listen li
|
|
bind "fd@${li}"
|
|
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port} proto h2 ws h1
|
|
|
|
# proto X ws h2 -> websocket on h2
|
|
listen lih2
|
|
bind "fd@${lih2}"
|
|
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port} proto h2 ws h2
|
|
|
|
# alpn h2,http/1.1 ws h2 -> websocket on h2
|
|
listen lisslh2
|
|
bind "fd@${lisslh2}"
|
|
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2,http/1.1 ws h2
|
|
http-response set-header x-alpn "%[ssl_bc_alpn]"
|
|
|
|
# ws auto -> websocket on h1
|
|
listen liauto
|
|
bind "fd@${liauto}"
|
|
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port}
|
|
|
|
# alpn h2,http/1.1 ws auto -> websocket on h1
|
|
listen lissl
|
|
bind "fd@${lissl}"
|
|
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2,http/1.1 ws auto
|
|
http-response set-header x-alpn "%[ssl_bc_alpn]"
|
|
# alpn h2,http/1.1 ws auto -> websocket on h1
|
|
listen lisslauto
|
|
bind "fd@${lisslauto}"
|
|
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2,http/1.1
|
|
http-response set-header x-alpn "%[ssl_bc_alpn]"
|
|
|
|
# proto h2 ws auto -> websocket on h2
|
|
listen liauto2
|
|
bind "fd@${liauto2}"
|
|
server hap_srv ${hapsrv_fe_addr}:${hapsrv_fe_port} proto h2
|
|
|
|
# alpn h2 ws auto -> websocket on h2
|
|
listen lisslauto2
|
|
bind "fd@${lisslauto2}"
|
|
server hap_srv ${hapsrv_fessl_addr}:${hapsrv_fessl_port} ssl verify none alpn h2 ws auto
|
|
http-response set-header x-alpn "%[ssl_bc_alpn]"
|
|
} -start
|
|
|
|
client c1 -connect ${hap_li_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-backend-protocol == "1.1"
|
|
} -run
|
|
|
|
client c1.2 -connect ${hap_lih2_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-backend-protocol == "2.0"
|
|
} -run
|
|
|
|
client c1.3 -connect ${hap_liauto_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-backend-protocol == "1.1"
|
|
} -run
|
|
|
|
client c1.4 -connect ${hap_liauto2_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-backend-protocol == "2.0"
|
|
} -run
|
|
|
|
client c2 -connect ${hap_lisslauto_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-alpn == "http/1.1"
|
|
} -run
|
|
|
|
client c2.2 -connect ${hap_lisslauto2_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-alpn == "h2"
|
|
} -run
|
|
|
|
client c2.3 -connect ${hap_lisslh2_sock} {
|
|
txreq \
|
|
-req "GET" \
|
|
-url "/" \
|
|
-hdr "host: 127.0.0.1" \
|
|
-hdr "connection: upgrade" \
|
|
-hdr "upgrade: websocket" \
|
|
-hdr "sec-websocket-key: dGhlIHNhbXBsZSBub25jZQ=="
|
|
rxresp
|
|
expect resp.status == 101
|
|
expect resp.http.x-alpn == "h2"
|
|
} -run
|