From: Willy Tarreau Date: Tue, 19 Nov 2024 08:26:12 +0000 (+0100) Subject: REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC X-Git-Tag: v3.1-dev14~117 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efd745e22df837cabf7d89423979af040a3e4ec6;p=thirdparty%2Fhaproxy.git REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC This option is not available with AWS-LC and emits a warning, so let's properly enclose the test to cover this special case. --- diff --git a/reg-tests/checks/ssl-hello-check.vtc b/reg-tests/checks/ssl-hello-check.vtc index 7cabfabc8d..a44b6e15cb 100644 --- a/reg-tests/checks/ssl-hello-check.vtc +++ b/reg-tests/checks/ssl-hello-check.vtc @@ -24,7 +24,9 @@ syslog S3 -level notice { haproxy htst -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults mode tcp diff --git a/reg-tests/checks/tcp-check-ssl.vtc b/reg-tests/checks/tcp-check-ssl.vtc index 9ad0dfab51..4020f73f5a 100644 --- a/reg-tests/checks/tcp-check-ssl.vtc +++ b/reg-tests/checks/tcp-check-ssl.vtc @@ -29,7 +29,9 @@ syslog S4 -level notice { haproxy htst -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults mode tcp diff --git a/reg-tests/checks/tls_health_checks.vtc b/reg-tests/checks/tls_health_checks.vtc index e94a2c7195..9c3039f53e 100644 --- a/reg-tests/checks/tls_health_checks.vtc +++ b/reg-tests/checks/tls_health_checks.vtc @@ -34,7 +34,9 @@ syslog S1 -level notice { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults mode http @@ -83,7 +85,9 @@ syslog S6 -level notice { haproxy h2 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults timeout client "${HAPROXY_TEST_TIMEOUT-5s}" diff --git a/reg-tests/connection/proxy_protocol_random_fail.vtc b/reg-tests/connection/proxy_protocol_random_fail.vtc index 1ae33deb97..93667decf6 100644 
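Review bot: The `.if !ssllib_name_startswith(AWS-LC)` guard added around `tune.ssl.default-dh-param 2048` in the `global` section of reg-tests/checks/ssl-hello-check.vtc has no comment, so a reader of the test file must find this commit to learn why the setting is conditional. A one-line comment above the `.if` would cover it, for example `# AWS-LC does not offer tune.ssl.default-dh-param and warns when it is set`. The same applies to every other hunk in this patch, which repeat the identical three lines across reg-tests/checks, connection, jwt and ssl. The predicate also matches on the library name rather than on the capability, so any other TLS library without this option would presumably still emit the warning; it is worth confirming whether a capability-based condition is available. The `global` section continues outside the hunk.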
--- a/reg-tests/connection/proxy_protocol_random_fail.vtc +++ b/reg-tests/connection/proxy_protocol_random_fail.vtc @@ -24,7 +24,9 @@ syslog Slog_1 -repeat 8 -level info { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif log ${Slog_1_addr}:${Slog_1_port} len 2048 local0 debug err defaults diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc index 43d37c7552..57a2ee2397 100644 --- a/reg-tests/jwt/jws_verify.vtc +++ b/reg-tests/jwt/jws_verify.vtc @@ -23,7 +23,9 @@ server s1 -repeat 24 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/add_ssl_crt-list.vtc b/reg-tests/ssl/add_ssl_crt-list.vtc index fbf3817386..6c6379ec33 100644 --- a/reg-tests/ssl/add_ssl_crt-list.vtc +++ b/reg-tests/ssl/add_ssl_crt-list.vtc @@ -22,7 +22,9 @@ server s1 -repeat 2 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 crt-base ${testdir} stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/del_ssl_crt-list.vtc b/reg-tests/ssl/del_ssl_crt-list.vtc index 5cf4c6af32..3a2beccb64 100644 --- a/reg-tests/ssl/del_ssl_crt-list.vtc +++ b/reg-tests/ssl/del_ssl_crt-list.vtc @@ -20,7 +20,9 @@ server s1 -repeat 2 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 crt-base ${testdir} stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/new_del_ssl_cafile.vtc b/reg-tests/ssl/new_del_ssl_cafile.vtc index 2123fb030c..7e8a9f19d0 100644 --- a/reg-tests/ssl/new_del_ssl_cafile.vtc +++ b/reg-tests/ssl/new_del_ssl_cafile.vtc 
@@ -21,7 +21,9 @@ server s1 -repeat 2 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin crt-base ${testdir} diff --git a/reg-tests/ssl/new_del_ssl_crlfile.vtc b/reg-tests/ssl/new_del_ssl_crlfile.vtc index 8658a1a7a5..8575f26449 100644 --- a/reg-tests/ssl/new_del_ssl_crlfile.vtc +++ b/reg-tests/ssl/new_del_ssl_crlfile.vtc @@ -21,7 +21,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin crt-base ${testdir} diff --git a/reg-tests/ssl/ocsp_auto_update.vtc b/reg-tests/ssl/ocsp_auto_update.vtc index 0193953803..bcaf96b19b 100644 --- a/reg-tests/ssl/ocsp_auto_update.vtc +++ b/reg-tests/ssl/ocsp_auto_update.vtc @@ -47,7 +47,9 @@ feature ignore_unknown_macro haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin crt-base ${testdir}/ocsp_update @@ -115,7 +117,9 @@ syslog Syslog_ocsp -level notice { haproxy h2 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h2/stats" level admin crt-base ${testdir}/ocsp_update @@ -182,7 +186,9 @@ syslog Syslog_ocsp3 -level notice { haproxy h3 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h3/stats" level admin crt-base ${testdir}/ocsp_update @@ -254,7 +260,9 @@ syslog Syslog_ocsp4 -level notice { haproxy h4 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h4/stats" level admin crt-base ${testdir}/ocsp_update 
@@ -368,7 +376,9 @@ syslog Syslog_ocsp5 -level notice { haproxy h5 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h5/stats" level admin crt-base ${testdir}/ocsp_update @@ -450,7 +460,9 @@ syslog Syslog_ocsp6 -level notice { haproxy h6 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h6/stats" level admin crt-base ${testdir} @@ -526,7 +538,9 @@ syslog Syslog_ocsp7 -level notice { haproxy h7 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h7/stats" level admin crt-base ${testdir} @@ -589,7 +603,9 @@ process p7 -wait haproxy h8 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h8/stats" level admin crt-base ${testdir}/ocsp_update @@ -683,7 +699,9 @@ syslog Syslog_ocsp9 -level notice { haproxy h9 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h9/stats" level admin crt-base ${testdir}/ocsp_update diff --git a/reg-tests/ssl/set_ssl_bug_2265.vtc b/reg-tests/ssl/set_ssl_bug_2265.vtc index e743c0a818..c773f134ca 100644 --- a/reg-tests/ssl/set_ssl_bug_2265.vtc +++ b/reg-tests/ssl/set_ssl_bug_2265.vtc @@ -25,7 +25,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/set_ssl_cafile.vtc b/reg-tests/ssl/set_ssl_cafile.vtc index b948b4bd7d..2e5aebbdaa 100644 --- a/reg-tests/ssl/set_ssl_cafile.vtc +++ b/reg-tests/ssl/set_ssl_cafile.vtc 
@@ -27,7 +27,9 @@ server s1 -repeat 4 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/set_ssl_cert.vtc b/reg-tests/ssl/set_ssl_cert.vtc index 70a6f5ee01..6373498dee 100644 --- a/reg-tests/ssl/set_ssl_cert.vtc +++ b/reg-tests/ssl/set_ssl_cert.vtc @@ -31,7 +31,9 @@ server s1 -repeat 9 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin crt-base ${testdir} diff --git a/reg-tests/ssl/set_ssl_cert_bundle.vtc b/reg-tests/ssl/set_ssl_cert_bundle.vtc index 0941bdba9f..3b3c0b343a 100644 --- a/reg-tests/ssl/set_ssl_cert_bundle.vtc +++ b/reg-tests/ssl/set_ssl_cert_bundle.vtc @@ -28,7 +28,9 @@ server s1 -repeat 9 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin crt-base ${testdir} diff --git a/reg-tests/ssl/set_ssl_cert_noext.vtc b/reg-tests/ssl/set_ssl_cert_noext.vtc index 8eb8b24ddd..ed5fdb5c73 100644 --- a/reg-tests/ssl/set_ssl_cert_noext.vtc +++ b/reg-tests/ssl/set_ssl_cert_noext.vtc @@ -23,7 +23,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 ssl-load-extra-del-ext stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/set_ssl_crlfile.vtc b/reg-tests/ssl/set_ssl_crlfile.vtc index 54d599859d..86cab00173 100644 --- a/reg-tests/ssl/set_ssl_crlfile.vtc +++ b/reg-tests/ssl/set_ssl_crlfile.vtc @@ -30,7 +30,9 @@ server s1 -repeat 4 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin 
diff --git a/reg-tests/ssl/set_ssl_server_cert.vtc b/reg-tests/ssl/set_ssl_server_cert.vtc index 847d45b8d8..55d8df0efa 100644 --- a/reg-tests/ssl/set_ssl_server_cert.vtc +++ b/reg-tests/ssl/set_ssl_server_cert.vtc @@ -16,7 +16,9 @@ server s1 -repeat 4 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin nbthread 1 diff --git a/reg-tests/ssl/show_ssl_ocspresponse.vtc b/reg-tests/ssl/show_ssl_ocspresponse.vtc index 8b1db1692e..08969ba2b3 100644 --- a/reg-tests/ssl/show_ssl_ocspresponse.vtc +++ b/reg-tests/ssl/show_ssl_ocspresponse.vtc @@ -27,7 +27,9 @@ feature ignore_unknown_macro haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/ssl_alpn.vtc b/reg-tests/ssl/ssl_alpn.vtc index dfc63ac043..9d032769c8 100644 --- a/reg-tests/ssl/ssl_alpn.vtc +++ b/reg-tests/ssl/ssl_alpn.vtc @@ -11,7 +11,9 @@ feature ignore_unknown_macro haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults mode http diff --git a/reg-tests/ssl/ssl_client_auth.vtc b/reg-tests/ssl/ssl_client_auth.vtc index ab8ba18fc3..a223a9c18b 100644 --- a/reg-tests/ssl/ssl_client_auth.vtc +++ b/reg-tests/ssl/ssl_client_auth.vtc @@ -25,7 +25,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults mode http diff --git a/reg-tests/ssl/ssl_client_samples.vtc b/reg-tests/ssl/ssl_client_samples.vtc index 5a84e4b254..6b770822c9 100644 --- a/reg-tests/ssl/ssl_client_samples.vtc +++ b/reg-tests/ssl/ssl_client_samples.vtc 
@@ -12,7 +12,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 crt-base ${testdir} diff --git a/reg-tests/ssl/ssl_crt-list_filters.vtc b/reg-tests/ssl/ssl_crt-list_filters.vtc index 1d21ed8a1e..843d85af47 100644 --- a/reg-tests/ssl/ssl_crt-list_filters.vtc +++ b/reg-tests/ssl/ssl_crt-list_filters.vtc @@ -16,7 +16,9 @@ server s1 -repeat 6 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif crt-base ${testdir} stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/ssl_curve_name.vtc b/reg-tests/ssl/ssl_curve_name.vtc index a285a8f86b..551679177e 100644 --- a/reg-tests/ssl/ssl_curve_name.vtc +++ b/reg-tests/ssl/ssl_curve_name.vtc @@ -11,7 +11,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 crt-base ${testdir} diff --git a/reg-tests/ssl/ssl_curves.vtc b/reg-tests/ssl/ssl_curves.vtc index 6a8b1b690d..5ffd2d8bdf 100644 --- a/reg-tests/ssl/ssl_curves.vtc +++ b/reg-tests/ssl/ssl_curves.vtc @@ -39,7 +39,9 @@ syslog Slg_cust_fmt -level info { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif defaults mode http diff --git a/reg-tests/ssl/ssl_default_server.vtc b/reg-tests/ssl/ssl_default_server.vtc index 485a9ba171..88a3ccbe4d 100644 --- a/reg-tests/ssl/ssl_default_server.vtc +++ b/reg-tests/ssl/ssl_default_server.vtc @@ -22,7 +22,9 @@ server s1 -repeat 7 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin crt-base ${testdir} diff --git a/reg-tests/ssl/ssl_errors.vtc b/reg-tests/ssl/ssl_errors.vtc index 8fb9c5a121..a3c54553c6 100644 --- a/reg-tests/ssl/ssl_errors.vtc +++ b/reg-tests/ssl/ssl_errors.vtc 
@@ -168,7 +168,9 @@ syslog Slg_bcknd_fe -level info { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 stats socket "${tmpdir}/h1/stats" level admin .if openssl_version_atleast(3.0.0) diff --git a/reg-tests/ssl/ssl_frontend_samples.vtc b/reg-tests/ssl/ssl_frontend_samples.vtc index 401e193448..56a208bccd 100644 --- a/reg-tests/ssl/ssl_frontend_samples.vtc +++ b/reg-tests/ssl/ssl_frontend_samples.vtc @@ -11,7 +11,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 crt-base ${testdir} diff --git a/reg-tests/ssl/ssl_generate_certificate.vtc b/reg-tests/ssl/ssl_generate_certificate.vtc index ba0b53b36c..ace27d877b 100644 --- a/reg-tests/ssl/ssl_generate_certificate.vtc +++ b/reg-tests/ssl/ssl_generate_certificate.vtc @@ -27,7 +27,9 @@ server s1 -repeat 6 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 2048 defaults diff --git a/reg-tests/ssl/ssl_server_samples.vtc b/reg-tests/ssl/ssl_server_samples.vtc index c037523b12..2841d1cc63 100644 --- a/reg-tests/ssl/ssl_server_samples.vtc +++ b/reg-tests/ssl/ssl_server_samples.vtc @@ -11,7 +11,9 @@ server s1 -repeat 3 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 crt-base ${testdir} stats socket "${tmpdir}/h1/stats" level admin diff --git a/reg-tests/ssl/ssl_simple_crt-list.vtc b/reg-tests/ssl/ssl_simple_crt-list.vtc index f7b03a2753..d70327b0b1 100644 --- a/reg-tests/ssl/ssl_simple_crt-list.vtc +++ b/reg-tests/ssl/ssl_simple_crt-list.vtc @@ -12,7 +12,9 @@ server s1 -repeat 4 { haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif crt-base ${testdir} stats socket "${tmpdir}/h1/stats" level admin 
diff --git a/reg-tests/ssl/wrong_ctx_storage.vtc b/reg-tests/ssl/wrong_ctx_storage.vtc index dd746d46d1..4275731fe6 100644 --- a/reg-tests/ssl/wrong_ctx_storage.vtc +++ b/reg-tests/ssl/wrong_ctx_storage.vtc @@ -24,7 +24,9 @@ feature ignore_unknown_macro haproxy h1 -conf { global + .if !ssllib_name_startswith(AWS-LC) tune.ssl.default-dh-param 2048 + .endif tune.ssl.capture-buffer-size 1 defaults