From: Frederic Lecaille <flecaille@haproxy.com>
Date: Thu, 30 Oct 2025 14:11:11 +0000 (+0100)
Subject: REGTEST: quic: add dynamic_server_ssl.vtc new QUIC test
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=770dfde7a402767719fc0313b4f0aee5e2ae13f8;p=thirdparty%2Fhaproxy.git

REGTEST: quic: add dynamic_server_ssl.vtc new QUIC test

This new reg test calls reg-test/ssl/dynamic_server_ssl.vtc to run exactly the
same test but with QUIC connections.
---

diff --git a/reg-tests/quic/client1.pem b/reg-tests/quic/client1.pem
new file mode 120000
index 000000000..c4d14f042
--- /dev/null
+++ b/reg-tests/quic/client1.pem
@@ -0,0 +1 @@
+../ssl/client1.pem
\ No newline at end of file
diff --git a/reg-tests/quic/client2_expired.pem b/reg-tests/quic/client2_expired.pem
new file mode 120000
index 000000000..668c52514
--- /dev/null
+++ b/reg-tests/quic/client2_expired.pem
@@ -0,0 +1 @@
+../ssl/client2_expired.pem
\ No newline at end of file
diff --git a/reg-tests/quic/dynamic_server_ssl.vtc b/reg-tests/quic/dynamic_server_ssl.vtc
new file mode 100644
index 000000000..944c731f8
--- /dev/null
+++ b/reg-tests/quic/dynamic_server_ssl.vtc
@@ -0,0 +1,10 @@
+#REGTEST_TYPE=devel
+
+# Same test as ssl/dynamic_server_ssl.vtc, but with QUIC connections where applicable (only for TLSv3)
+
+varnishtest "Delete server via cli and update certificates"
+
+feature cmd "$HAPROXY_PROGRAM -cc 'feature(QUIC) && !feature(QUIC_OPENSSL_COMPAT) && !feature(OPENSSL_WOLFSSL)'"
+
+setenv VTC_SOCK_TYPE quic
+include ${testdir}/../ssl/dynamic_server_ssl.vtc
diff --git a/reg-tests/ssl/dynamic_server_ssl.vtc b/reg-tests/ssl/dynamic_server_ssl.vtc
index 2529e9450..2d6f7bacd 100644
--- a/reg-tests/ssl/dynamic_server_ssl.vtc
+++ b/reg-tests/ssl/dynamic_server_ssl.vtc
@@ -16,8 +16,14 @@ server s1 -repeat 3 {
 	  -body "resp from s1"
 } -start
 
+setenv -ifunset VTC_SOCK_TYPE stream
+
 haproxy h1 -conf {
 	global
+    .if streq("$VTC_SOCK_TYPE",quic)
+        # required for backend connections
+        expose-experimental-directives
+    .endif
     .if feature(THREAD)
         thread-groups 1
     .endif
@@ -36,13 +42,13 @@ haproxy h1 -conf {
 		default_backend test
 
 	backend test
-		server s1 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
-		server s2 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
-		server s3 "${tmpdir}/ssl.sock" ssl verify none crt "${testdir}/client1.pem"
+		server s1 "${VTC_SOCK_TYPE}+${h1_ssl_sock}" ssl verify none crt "${testdir}/client1.pem"
+		server s2 "${VTC_SOCK_TYPE}+${h1_ssl_sock}" ssl verify none crt "${testdir}/client1.pem"
+		server s3 "${VTC_SOCK_TYPE}+${h1_ssl_sock}" ssl verify none crt "${testdir}/client1.pem"
 
 
 	listen ssl-lst
-		bind "${tmpdir}/ssl.sock" ssl crt "${testdir}/common.pem"
+		bind "${VTC_SOCK_TYPE}+fd@${ssl}" ssl crt "${testdir}/common.pem"
 		server s1 ${s1_addr}:${s1_port}
 
 } -start
@@ -98,7 +104,7 @@ haproxy h1 -cli {
 }
 
 haproxy h1 -cli {
-	send "add server test/s1 ${tmpdir}/ssl.sock ssl verify none crt ${testdir}/client1.pem"
+	send "add server test/s1 ${VTC_SOCK_TYPE}+${h1_ssl_sock} ssl verify none crt ${testdir}/client1.pem"
 	expect ~ "New server registered."
 	send "enable server test/s1"
 	expect ~ ".*"