mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-06 18:21:17 +01:00
Code Issues Projects Releases Wiki Activity
haproxy/reg-tests/ssl/wrong_ctx_storage.vtc
Frederic Lecaille 6d219c51f9 REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 
Move all these files and others for OCSP tests found into reg-tests/ssl
to reg-test/ssl/certs and adapt all the VTC files which use them.

This patch is needed by other tests which have to include the SSL tests.
Indeed, some VTC commands contain paths to these files which cannot
be customized with environment variables, depending on the location the VTC file
is runi from, because VTC does not resolve the environment variables. Only macros
as ${testdir} can be resolved.

For instance this command run from a VTC file from reg-tests/ssl directory cannot
be reused from another directory, except if we add a symbolic link for each certs,
key etc.

 haproxy h1 -cli {
   send "del ssl crt-list ${testdir}/localhost.crt-list ${testdir}/common.pem:1"
 }

This is not what we want. We add a symbolic link to reg-test/ssl/certs to the
directory and modify the command above as follows:

 haproxy h1 -cli {
   send "del ssl crt-list ${testdir}/certs/localhost.crt-list ${testdir}/certs/common.pem:1"
 }
2025-12-03 11:15:37 +01:00

57 lines
1.5 KiB
Plaintext
Raw Blame History

# commit 28962c9
# BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot
#
# We never saw unexplicated crash with SSL, so I suppose that we are
# luck, or the slot 0 is always reserved. Anyway the usage of the macro
# SSL_get_app_data() and SSL_set_app_data() seem wrong. This patch change
# the deprecated functions SSL_get_app_data() and SSL_set_app_data()
# by the new functions SSL_get_ex_data() and SSL_set_ex_data(), and
# it reserves the slot in the SSL memory space.
#
# For information, this is the two declaration which seems wrong or
# incomplete in the OpenSSL ssl.h file. We can see the usage of the
# slot 0 whoch is hardcoded, but never reserved.
#
# #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
# #define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
#REGTEST_TYPE=bug
varnishtest "OpenSSL bug: Random crashes"
#REQUIRE_OPTIONS=OPENSSL
feature ignore_unknown_macro
haproxy h1 -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
.if !ssllib_name_startswith(AWS-LC)
tune.ssl.default-dh-param 2048
.endif
tune.ssl.capture-buffer-size 1
defaults
timeout client 30s
timeout server 30s
timeout connect 30s
listen frt
mode http
bind "fd@${frt}" ssl crt ${testdir}/certs/common.pem
http-request redirect location /
} -start
shell {
HOST=${h1_frt_addr}
if [ "${h1_frt_addr}" = "::1" ] ; then
HOST="\[::1\]"
fi
for i in 1 2 3 4 5; do
curl -i -k https://$HOST:${h1_frt_port} & pids="$pids $!"
done
wait $pids
}
Reference in New Issue View Git Blame Copy Permalink