REGTESTS: quic: dynamic_server_ssl.vtc supported by QUIC
authorFrederic Lecaille <flecaille@haproxy.com>
Fri, 28 Nov 2025 15:43:41 +0000 (16:43 +0100)
committerFrederic Lecaille <flecaille@haproxy.com>
Mon, 8 Dec 2025 09:40:59 +0000 (10:40 +0100)
ssl/dynamic_server_ssl.vtc was renamed to ssl/dynamic_server_ssl.vtci
to produce a common part runnable both for QUIC and TCP connections.
Then a dynamic_server_ssl.vtc was created under both the ssl and quic directories
to call the .vtci file with the correct VTC_SOCK_TYPE environment value.

Note that VTC_SOCK_TYPE may be resolved in haproxy -cli { } sections.

reg-tests/quic/dynamic_server_ssl.vtc [new file with mode: 0644]
reg-tests/ssl/dynamic_server_ssl.vtc
reg-tests/ssl/dynamic_server_ssl.vtci [new file with mode: 0644]

diff --git a/reg-tests/quic/dynamic_server_ssl.vtc b/reg-tests/quic/dynamic_server_ssl.vtc
new file mode 100644 (file)
index 0000000..39985f5
--- /dev/null
@@ -0,0 +1,13 @@
+#REGTEST_TYPE=bug
+# Test if a certificate can be dynamically updated once a QUIC server which used it
+# was removed.
+#
+varnishtest "Delete server via cli and update certificates"
+
+# QUIC backend are not supported with USE_QUIC_OPENSSL_COMPAT
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL)'"
+feature cmd "command -v socat"
+
+setenv VTC_SOCK_TYPE quic
+include ${testdir}/../ssl/dynamic_server_ssl.vtci
+
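Review bot: The comment `# QUIC backend are not supported with USE_QUIC_OPENSSL_COMPAT` explains only one of the three predicates in the `feature cmd` guard right below it, which also excludes `OPENSSL_WOLFSSL`, so a reader cannot tell whether the wolfSSL exclusion is a known limitation or an accident. Suggest `# QUIC backends are not supported with USE_QUIC_OPENSSL_COMPAT nor with wolfSSL` (or a second comment line giving the wolfSSL reason). Note also that the ssl wrapper keeps `#REQUIRE_OPTIONS=OPENSSL` while this one relies on `feature(QUIC)` alone; presumably QUIC already implies a TLS library, but saying so in the comment would make the asymmetry intentional rather than puzzling.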
index 23b5605b4a67401c2f7a8ce9db6fe0e9d85537e1..95a3c5a1b6e10e878ef0af747153eb6abcdf31e7 100644 (file)
@@ -4,113 +4,9 @@
 #
 varnishtest "Delete server via cli and update certificates"
 
-feature ignore_unknown_macro
-
 #REQUIRE_OPTIONS=OPENSSL
 feature cmd "command -v socat"
 
-# static server
-server s1 -repeat 3 {
-       rxreq
-       txresp \
-         -body "resp from s1"
-} -start
-
-haproxy h1 -conf {
-       global
-    .if feature(THREAD)
-        thread-groups 1
-    .endif
-
-               stats socket "${tmpdir}/h1/stats" level admin
-
-       defaults
-               mode http
-               option httpclose
-               timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
-               timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
-               timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
-
-       frontend fe
-               bind "fd@${feS}"
-               default_backend test
-
-       backend test
-               server s1 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/certs/client1.pem"
-               server s2 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/certs/client1.pem"
-               server s3 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/certs/client1.pem"
-
-
-       listen ssl-lst
-               bind "${tmpdir}/ssl.sock" ssl crt "${testdir}/certs/common.pem"
-               server s1 ${s1_addr}:${s1_port}
-
-} -start
-
-
-haproxy h1 -cli {
-    send "show ssl cert ${testdir}/certs/client1.pem"
-    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
-}
-client c1 -connect ${h1_feS_sock} {
-       txreq
-       rxresp
-       expect resp.body == "resp from s1"
-} -run
-
-haproxy h1 -cli {
-    send "show ssl cert ${testdir}/certs/client1.pem"
-    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
-}
-
-## delete the  servers
-haproxy h1 -cli {
-       send "disable server test/s1"
-       expect ~ ".*"
-       send "disable server test/s2"
-       expect ~ ".*"
-       send "disable server test/s3"
-       expect ~ ".*"
-
-       # valid command
-       send "del server test/s1"
-       expect ~ "Server deleted."
-       send "del server test/s2"
-       expect ~ "Server deleted."
-       send "del server test/s3"
-       expect ~ "Server deleted."
-}
-
-# Replace certificate with an expired one
-shell {
-    printf "set ssl cert ${testdir}/certs/client1.pem <<\n$(cat ${testdir}/certs/client2_expired.pem)\n\n" | socat "${tmpdir}/h1/stats" -
-    echo "commit ssl cert ${testdir}/certs/client1.pem" | socat "${tmpdir}/h1/stats" -
-}
-
-haproxy h1 -cli {
-    send "show ssl cert ${testdir}/certs/client1.pem"
-    expect ~ ".*SHA1 FingerPrint: C625EB01A0A660294B9D7F44C5CEEE5AFC495BE4"
-}
-
-haproxy h1 -cli {
-       send "show ssl cert ${testdir}/certs/client1.pem"
-       expect ~ ".*Status: Unused"
-}
-
-haproxy h1 -cli {
-       send "add server test/s1 ${tmpdir}/ssl.sock ssl verify none crt ${testdir}/certs/client1.pem"
-       expect ~ "New server registered."
-       send "enable server test/s1"
-       expect ~ ".*"
-       send "show ssl cert ${testdir}/certs/client1.pem"
-       expect ~ ".*Status: Used"
-}
-
-
-# check that servers are active
-client c1 -connect ${h1_feS_sock} {
-       txreq
-       rxresp
-       expect resp.body == "resp from s1"
-} -run
+setenv VTC_SOCK_TYPE stream
+include ${testdir}/dynamic_server_ssl.vtci
 
diff --git a/reg-tests/ssl/dynamic_server_ssl.vtci b/reg-tests/ssl/dynamic_server_ssl.vtci
new file mode 100644 (file)
index 0000000..dfcedd9
--- /dev/null
@@ -0,0 +1,111 @@
+feature ignore_unknown_macro
+
+# static server
+server s1 -repeat 3 {
+       rxreq
+       txresp \
+         -body "resp from s1"
+} -start
+
+haproxy h1 -conf {
+       global
+    .if streq("$VTC_SOCK_TYPE",quic)
+        # required for backend connections
+        expose-experimental-directives
+    .endif
+    .if feature(THREAD)
+        thread-groups 1
+    .endif
+
+               stats socket "${tmpdir}/h1/stats" level admin
+
+       defaults
+               mode http
+               option httpclose
+               timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
+               timeout client  "${HAPROXY_TEST_TIMEOUT-5s}"
+               timeout server  "${HAPROXY_TEST_TIMEOUT-5s}"
+
+       frontend fe
+               bind "fd@${feS}"
+               default_backend test
+
+       backend test
+               server s1 "${VTC_SOCK_TYPE}+${h1_ssl_lst_sock}" ssl verify none crt "${testdir}/certs/client1.pem"
+               server s2 "${VTC_SOCK_TYPE}+${h1_ssl_lst_sock}" ssl verify none crt "${testdir}/certs/client1.pem"
+               server s3 "${VTC_SOCK_TYPE}+${h1_ssl_lst_sock}" ssl verify none crt "${testdir}/certs/client1.pem"
+
+
+       listen ssl-lst
+               bind "${VTC_SOCK_TYPE}+fd@${ssl_lst}" ssl crt "${testdir}/certs/common.pem"
+               server s1 ${s1_addr}:${s1_port}
+
+} -start
+
+
+haproxy h1 -cli {
+    send "show ssl cert ${testdir}/certs/client1.pem"
+    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
+}
+client c1 -connect ${h1_feS_sock} {
+       txreq
+       rxresp
+       expect resp.body == "resp from s1"
+} -run
+
+haproxy h1 -cli {
+    send "show ssl cert ${testdir}/certs/client1.pem"
+    expect ~ ".*SHA1 FingerPrint: D9C3BAE37EA5A7EDB7B3C9BDD4DCB2FE58A412E4"
+}
+
+## delete the  servers
+haproxy h1 -cli {
+       send "disable server test/s1"
+       expect ~ ".*"
+       send "disable server test/s2"
+       expect ~ ".*"
+       send "disable server test/s3"
+       expect ~ ".*"
+
+       # valid command
+       send "del server test/s1"
+       expect ~ "Server deleted."
+       send "del server test/s2"
+       expect ~ "Server deleted."
+       send "del server test/s3"
+       expect ~ "Server deleted."
+}
+
+# Replace certificate with an expired one
+shell {
+    printf "set ssl cert ${testdir}/certs/client1.pem <<\n$(cat ${testdir}/certs/client2_expired.pem)\n\n" | socat "${tmpdir}/h1/stats" -
+    echo "commit ssl cert ${testdir}/certs/client1.pem" | socat "${tmpdir}/h1/stats" -
+}
+
+haproxy h1 -cli {
+    send "show ssl cert ${testdir}/certs/client1.pem"
+    expect ~ ".*SHA1 FingerPrint: C625EB01A0A660294B9D7F44C5CEEE5AFC495BE4"
+}
+
+haproxy h1 -cli {
+       send "show ssl cert ${testdir}/certs/client1.pem"
+       expect ~ ".*Status: Unused"
+}
+
+haproxy h1 -cli {
+       send "add server test/s1 ${VTC_SOCK_TYPE}+${h1_ssl_lst_sock} ssl verify none crt ${testdir}/certs/client1.pem"
+       expect ~ "New server registered."
+       send "enable server test/s1"
+       expect ~ ".*"
+       send "show ssl cert ${testdir}/certs/client1.pem"
+       expect ~ ".*Status: Used"
+}
+
+
+# check that servers are active
+client c1 -connect ${h1_feS_sock} {
+       txreq
+       rxresp
+       expect resp.body == "resp from s1"
+} -run
+
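Review bot: The included file carries no indication that it is not runnable on its own: the three server addresses in `backend test`, the `listen ssl-lst` bind and the `add server` CLI command are all built from `${VTC_SOCK_TYPE}+…`, and nothing checks that the variable was set by the including .vtc; with it unset, `feature ignore_unknown_macro` on the first line would likely let the unexpanded placeholder reach haproxy instead of failing early. Suggest a header comment before `feature ignore_unknown_macro`: `# Common part of ssl/dynamic_server_ssl.vtc and quic/dynamic_server_ssl.vtc; not a standalone test.` followed by `# Expects VTC_SOCK_TYPE=stream|quic from the including .vtc (used as address prefix for the listener and the servers).` The `.if streq("$VTC_SOCK_TYPE",quic)` line uses the haproxy-side `$VAR` form while the addresses use the vtest `${VAR}` form; if that difference is deliberate (so the `.if` is evaluated by haproxy's environment expansion rather than by vtest), a one-line comment saying which side expands it would keep the next reader from "fixing" it.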