REGTESTS: ssl: also verify that 0-rtt properly advertises early-data:1

This patch completes the 0-rtt test to verify that early-data:1 is
properly emitted to the server in the relevant situations. We carefully
compare it with the expected values that are computed based on the TLS
version, the client and listener's support for 0-rtt and the resumption
status. A response header "x-early-data-test" is set to OK on success,
or KO on failure and the client tests this. The previous test is kept
as well. This was tested with quictls-1.1.1 and quictls-3.0.1 for TCP,
as well as aws-lc for QUIC.

diff --git a/reg-tests/ssl/ssl-0rtt.vtci b/reg-tests/ssl/ssl-0rtt.vtci
index 8797808fe64ffe2751c693a9ebb7dffbaffe79fb..78ca036fc1ef5af0b50ba3bdbe7a75a51289bf19 100644 (file)
--- a/reg-tests/ssl/ssl-0rtt.vtci
+++ b/reg-tests/ssl/ssl-0rtt.vtci
@@ -107,6 +107,9 @@ haproxy h1 -conf {
         bind "${VTC_SOCK_TYPE}+fd@${sv_sf_0r}" name sf_0r ssl crt ${testdir}/common.pem ssl-min-ver "${TLSV}" ssl-max-ver "${TLSV}" allow-0rtt
         bind "${VTC_SOCK_TYPE}+fd@${sv_sl_0r}" name sl_0r ssl crt ${testdir}/common.pem ssl-min-ver "${TLSV}" ssl-max-ver "${TLSV}" allow-0rtt no-tls-tickets
 
+        # expect early-data TLS version supports it and both the client and the listener support it
+        http-request add-header x-expect-early 1 if { int("$ZRTT_SUPP") eq 1 } { ssl_fc_is_resumed } { req.hdr(x-from) -m reg '^cl_0r' } { so_name -m reg '0r$' }
+
         # this is the application server behind us
         server s1 ${h1_srv_sock}
 
@@ -115,7 +118,12 @@ haproxy h1 -conf {
 
     frontend srv
         bind "fd@${srv}"
-        http-request return status 200
+        # set txn.test to OK if early-data matches x-expected-early, otherwise KO,
+        # then send it as header "x-early-data-test" in the response.
+        http-request set-var(txn.test) str(OK) if { req.hdr(x-expect-early) 1 } { req.hdr(early-data) 1 }
+        http-request set-var(txn.test) str(OK) if !{ req.hdr(x-expect-early) -m found } !{ req.hdr(early-data) -m found }
+        http-request set-var(txn.test,ifempty) str(KO)
+        http-request return status 200 hdr x-early-data-test %[var(txn.test)]
 } -start
 
 
@@ -125,6 +133,7 @@ client cl_1r_sf_1r -connect ${h1_cl_1r_sf_1r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_1r_sf_1r -connect ${h1_cl_1r_sf_1r_sock} -repeat 10 {
@@ -132,6 +141,7 @@ client cl_1r_sf_1r -connect ${h1_cl_1r_sf_1r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_1r_sl_1r -connect ${h1_cl_1r_sl_1r_sock} {
@@ -139,6 +149,7 @@ client cl_1r_sl_1r -connect ${h1_cl_1r_sl_1r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_1r_sl_1r -connect ${h1_cl_1r_sl_1r_sock} -repeat 10 {
@@ -146,6 +157,7 @@ client cl_1r_sl_1r -connect ${h1_cl_1r_sl_1r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 
@@ -155,6 +167,7 @@ client cl_1r_sf_0r -connect ${h1_cl_1r_sf_0r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_1r_sf_0r -connect ${h1_cl_1r_sf_0r_sock} -repeat 10 {
@@ -162,6 +175,7 @@ client cl_1r_sf_0r -connect ${h1_cl_1r_sf_0r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_1r_sl_0r -connect ${h1_cl_1r_sl_0r_sock} {
@@ -169,6 +183,7 @@ client cl_1r_sl_0r -connect ${h1_cl_1r_sl_0r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_1r_sl_0r -connect ${h1_cl_1r_sl_0r_sock} -repeat 10 {
@@ -176,6 +191,7 @@ client cl_1r_sl_0r -connect ${h1_cl_1r_sl_0r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 # 0r -> 1r
@@ -184,6 +200,7 @@ client cl_0r_sf_1r -connect ${h1_cl_0r_sf_1r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_0r_sf_1r -connect ${h1_cl_0r_sf_1r_sock} -repeat 10 {
@@ -191,6 +208,7 @@ client cl_0r_sf_1r -connect ${h1_cl_0r_sf_1r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_0r_sl_1r -connect ${h1_cl_0r_sl_1r_sock} {
@@ -198,6 +216,7 @@ client cl_0r_sl_1r -connect ${h1_cl_0r_sl_1r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_0r_sl_1r -connect ${h1_cl_0r_sl_1r_sock} -repeat 10 {
@@ -205,6 +224,7 @@ client cl_0r_sl_1r -connect ${h1_cl_0r_sl_1r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 
@@ -214,6 +234,7 @@ client cl_0r_sf_0r -connect ${h1_cl_0r_sf_0r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_0r_sf_0r -connect ${h1_cl_0r_sf_0r_sock} -repeat 10 {
@@ -221,6 +242,7 @@ client cl_0r_sf_0r -connect ${h1_cl_0r_sf_0r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_0r_sl_0r -connect ${h1_cl_0r_sl_0r_sock} {
@@ -228,6 +250,7 @@ client cl_0r_sl_0r -connect ${h1_cl_0r_sl_0r_sock} {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run
 
 client cl_0r_sl_0r -connect ${h1_cl_0r_sl_0r_sock} -repeat 10 {
@@ -235,4 +258,5 @@ client cl_0r_sl_0r -connect ${h1_cl_0r_sl_0r_sock} -repeat 10 {
     rxresp
     expect resp.status == 200
     expect resp.http.x-early-rcvd-test == OK
+    expect resp.http.x-early-data-test == OK
 } -run