REGTEST: quic: add ssl_reuse.vtc new QUIC test

Note that this test does not work with OpenSSL 3.5.0 QUIC API because
the callback set by SSL_CTX_sess_set_new_cb() (ssl_sess_new_srv_cb()) is not
called (at least for QUIC clients)

The role of this new QUIC test is to run the same SSL/TCP test as
reg-tests/ssl/ssl_reuse.vtc but with QUIC connections where applicable (only with
TLSv1.3).

To do so, this QUIC test uses the "include" vtc command to run ssl/ssl_reuse.vtc
It also sets the VTC_SOCK_TYPE environment variable with the "setenv" command and
"quic" as value. This will ask vtest2 to use QUIC sockets for all "fd@{...}"
addresses prefixed by "${VTC_SOCK_TYPE}+" socket type if VTC_SOCK_TYPE value is "quic".

The SSL/TCP is modified to set this environment variable with "setenv -ifunset"
from ssl/ssl_reuse.vtc with "stream" as value, if it not already set.

vtest2 must be used with this patch to support this new QUIC test:
https://github.com/vtest/VTest2/commit/9aa4d498dbd426adef8779c692a3e0865e55b9c2

Thanks to this latter patch, vtest2 retrieves the VTC_SOCK_TYPE environment variable
value, then it parses the vtc file to retrieve all the fd addresses prefixed by
"${VTC_SOCK_TYPE}+" and creates a QUIC socket or a TCP socket depending on this
variable value.

diff --git a/reg-tests/quic/ssl_reuse.vtc b/reg-tests/quic/ssl_reuse.vtc
new file mode 100644 (file)
index 0000000..6502923
--- /dev/null
+++ b/reg-tests/quic/ssl_reuse.vtc
@@ -0,0 +1,10 @@
+#REGTEST_TYPE=devel
+
+# Same test as ssl/ssl_reuse.vtc, but with QUIC connections where applicable (only for TLSv3)
+
+varnishtest "Test if the SSL session/ticket reuse work correctly"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL) && openssl_version_before(3.5.0)'"
+
+setenv VTC_SOCK_TYPE quic
+include ${testdir}/../ssl/ssl_reuse.vtc

diff --git a/reg-tests/ssl/ssl_reuse.vtc b/reg-tests/ssl/ssl_reuse.vtc
index 57ef5f62ce5a43f02e69e167d4f8220cd3a91da1..7ca8e3d646c865875a0b1af1bbfaf7e145ae3878 100644 (file)
--- a/reg-tests/ssl/ssl_reuse.vtc
+++ b/reg-tests/ssl/ssl_reuse.vtc
@@ -13,8 +13,14 @@ server s1 -repeat 84 {
     txresp
 } -start
 
+setenv -ifunset VTC_SOCK_TYPE stream
+
 haproxy h1 -conf {
    global
+    .if streq("$VTC_SOCK_TYPE",quic)
+        # required for backend connections
+        expose-experimental-directives
+    .endif
     .if feature(THREAD)
         thread-groups 1
     .endif
@@ -45,19 +51,19 @@ haproxy h1 -conf {
 
     listen clst3
         bind "fd@${clst3}"
-        server s1 "${h1_fe3_addr}:${h1_fe3_port}" ssl verify none  sni str(www.test1.com)
+        server s1 "${VTC_SOCK_TYPE}+${h1_fe3_addr}:${h1_fe3_port}" ssl verify none  sni str(www.test1.com)
         http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed]
 
     listen clst4
         bind "fd@${clst4}"
-        server s1 "${h1_fe4_addr}:${h1_fe4_port}" ssl verify none  sni str(www.test1.com)
+        server s1 "${VTC_SOCK_TYPE}+${h1_fe4_addr}:${h1_fe4_port}" ssl verify none  sni str(www.test1.com)
         http-response add-header x-ssl-bc-resumed %[ssl_bc_is_resumed]
 
     listen ssl
         bind "fd@${fe1}" ssl crt ${testdir}/common.pem ssl-max-ver TLSv1.2
         bind "fd@${fe2}" ssl crt ${testdir}/common.pem ssl-max-ver TLSv1.2 no-tls-tickets
-        bind "fd@${fe3}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3
-        bind "fd@${fe4}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3 no-tls-tickets
+        bind "${VTC_SOCK_TYPE}+fd@${fe3}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3
+        bind "${VTC_SOCK_TYPE}+fd@${fe4}" ssl crt ${testdir}/common.pem ssl-min-ver TLSv1.3 no-tls-tickets
 
         http-response add-header x-ssl-resumed %[ssl_fc_is_resumed]
         server s1 ${s1_addr}:${s1_port}