From: Frederic Lecaille Date: Thu, 11 Dec 2025 12:23:18 +0000 (+0100) Subject: REGTESTS: quic: fix a TLS stack usage X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;p=thirdparty%2Fhaproxy.git REGTESTS: quic: fix a TLS stack usage This issue was reported in GH #3214 where quic/tls13_ssl_crt-list_filters.vtc QUIC reg test was run without haproxy QUIC support due to OPENSSL_AWSLC enabled featured. This is due to the fact that when ssl/tls13_ssl_crt-list_filters.vtc has been ported to QUIC the feature(OPENSSL) was silly replaced by feature(QUIC) leading the script to be run even without QUIC support if OR'ed OPENSSL_AWSLC feature is enabled. A good method to port these feature() commands to QUIC would have been to add a feature(QUIC) command seperated from the one used for the supported TLS stacks identified by the original underlying ssl reg tests (in reg-tests/ssl). This is what is done by this patch. Thank you to @idl0r for having reported this issue. --- diff --git a/reg-tests/quic/tls13_ssl_crt-list_filters.vtc b/reg-tests/quic/tls13_ssl_crt-list_filters.vtc index 561493fd7..37482d9be 100644 --- a/reg-tests/quic/tls13_ssl_crt-list_filters.vtc +++ b/reg-tests/quic/tls13_ssl_crt-list_filters.vtc @@ -1,7 +1,10 @@ #REGTEST_TYPE=bug varnishtest "Test for ECDSA/RSA selection and crt-list filters" feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8)'" -feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1) || feature(OPENSSL_AWSLC)'" +feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC)'" +# Note that USE_OPENSSL is always set if USE_QUIC is set +# Same conditions as for ssl/tls13_ssl_crt-list_filters.vtc about TLS library versions +feature cmd "$HAPROXY_PROGRAM -cc 'ssllib_name_startswith(OpenSSL) && openssl_version_atleast(1.1.1) || feature(OPENSSL_AWSLC)'" # This test checks if the multiple certificate types works correctly with the # SNI, and that the negative filters are correctly excluded #