1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
|
#REGTEST_TYPE=devel
# This teg-test verifies that different ALPN values on the "server" line
# will negotiate the expected protocol depending on the ALPN "bind" line.
# It requires OpenSSL >= 1.0.2 for ALPN
varnishtest "Test the bind 'alpn' setting"
feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.8-dev7)'"
feature cmd "$HAPROXY_PROGRAM -cc 'feature(OPENSSL) && openssl_version_atleast(1.0.2)'"
feature ignore_unknown_macro
haproxy h1 -conf {
global
.if feature(THREAD)
thread-groups 1
.endif
.if !ssllib_name_startswith(AWS-LC)
tune.ssl.default-dh-param 2048
.endif
defaults
mode http
option httplog
log stderr local0 debug err
timeout connect "${HAPROXY_TEST_TIMEOUT-5s}"
timeout client "${HAPROXY_TEST_TIMEOUT-5s}"
timeout server "${HAPROXY_TEST_TIMEOUT-5s}"
listen px-clr
bind "fd@${clearfe}"
default-server ssl verify none
# first digit select the alpn sent by the client, second digit, the server one
use-server s00 if { path /00 }
server s00 "${tmpdir}/ssl0.sock"
use-server s01 if { path /01 }
server s01 "${tmpdir}/ssl1.sock"
use-server s02 if { path /02 }
server s02 "${tmpdir}/ssl2.sock"
use-server s03 if { path /03 }
server s03 "${tmpdir}/ssl3.sock"
use-server s04 if { path /04 }
server s04 "${tmpdir}/ssl4.sock"
use-server s10 if { path /10 }
server s10 "${tmpdir}/ssl0.sock" alpn http/1.1
use-server s11 if { path /11 }
server s11 "${tmpdir}/ssl1.sock" alpn http/1.1
use-server s12 if { path /12 }
server s12 "${tmpdir}/ssl2.sock" alpn http/1.1
use-server s13 if { path /13 }
server s13 "${tmpdir}/ssl3.sock" alpn http/1.1
use-server s14 if { path /14 }
server s14 "${tmpdir}/ssl4.sock" alpn http/1.1
use-server s20 if { path /20 }
server s20 "${tmpdir}/ssl0.sock" alpn h2
use-server s21 if { path /21 }
server s21 "${tmpdir}/ssl1.sock" alpn h2
use-server s22 if { path /22 }
server s22 "${tmpdir}/ssl2.sock" alpn h2
use-server s23 if { path /23 }
server s23 "${tmpdir}/ssl3.sock" alpn h2
use-server s24 if { path /24 }
server s24 "${tmpdir}/ssl4.sock" alpn h2
use-server s30 if { path /30 }
server s30 "${tmpdir}/ssl0.sock" alpn h2,http/1.1
use-server s31 if { path /31 }
server s31 "${tmpdir}/ssl1.sock" alpn h2,http/1.1
use-server s32 if { path /32 }
server s32 "${tmpdir}/ssl2.sock" alpn h2,http/1.1
use-server s33 if { path /33 }
server s33 "${tmpdir}/ssl3.sock" alpn h2,http/1.1
use-server s34 if { path /34 }
server s34 "${tmpdir}/ssl4.sock" alpn h2,http/1.1
frontend fe-ssl
bind "${tmpdir}/ssl0.sock" ssl crt ${testdir}/common.pem
bind "${tmpdir}/ssl1.sock" ssl crt ${testdir}/common.pem alpn http/1.1
bind "${tmpdir}/ssl2.sock" ssl crt ${testdir}/common.pem alpn h2
bind "${tmpdir}/ssl3.sock" ssl crt ${testdir}/common.pem alpn h2,http/1.1
bind "${tmpdir}/ssl4.sock" ssl crt ${testdir}/common.pem no-alpn
http-request return status 200 hdr x-alpn _%[ssl_fc_alpn] hdr x-path %[path] hdr x-ver _%[req.ver]
} -start
# client sends no alpn
client c1 -connect ${h1_clearfe_sock} {
txreq -url "/00"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
txreq -url "/01"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
txreq -url "/02"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
txreq -url "/03"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
txreq -url "/04"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
} -run
# client sends alpn=http/1.1
client c1 -connect ${h1_clearfe_sock} {
txreq -url "/10"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_http/1.1"
expect resp.http.x-ver == "_1.1"
txreq -url "/11"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_http/1.1"
expect resp.http.x-ver == "_1.1"
txreq -url "/12"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
txreq -url "/13"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_http/1.1"
expect resp.http.x-ver == "_1.1"
txreq -url "/14"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
} -run
# client sends alpn=h2
client c1 -connect ${h1_clearfe_sock} {
txreq -url "/20"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_h2"
expect resp.http.x-ver == "_2.0"
txreq -url "/21"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
txreq -url "/22"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_h2"
expect resp.http.x-ver == "_2.0"
txreq -url "/23"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_h2"
expect resp.http.x-ver == "_2.0"
txreq -url "/24"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
} -run
# client sends alpn=h2,http/1.1
client c1 -connect ${h1_clearfe_sock} {
txreq -url "/30"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_h2"
expect resp.http.x-ver == "_2.0"
txreq -url "/31"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_http/1.1"
expect resp.http.x-ver == "_1.1"
txreq -url "/32"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_h2"
expect resp.http.x-ver == "_2.0"
txreq -url "/33"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_h2"
expect resp.http.x-ver == "_2.0"
txreq -url "/34"
rxresp
expect resp.status == 200
expect resp.http.x-alpn == "_"
expect resp.http.x-ver == "_1.1"
} -run
|
