diff --git a/src/proxy/unit_tests/stub.cc b/src/proxy/unit_tests/stub.cc index ba279051a34..a1a95fe8ccb 100644 --- a/src/proxy/unit_tests/stub.cc +++ b/src/proxy/unit_tests/stub.cc @@ -22,3 +22,5 @@ */ #include "proxy/IPAllow.h" + +uint8_t IpAllow::subjects[IpAllow::Subject::MAX_SUBJECTS]; diff --git a/tests/gold_tests/pluginTest/tsapi/test_TSVConnPPInfo.test.py b/tests/gold_tests/pluginTest/tsapi/test_TSVConnPPInfo.test.py index 0c45109d971..e74e2c40d61 100644 --- a/tests/gold_tests/pluginTest/tsapi/test_TSVConnPPInfo.test.py +++ b/tests/gold_tests/pluginTest/tsapi/test_TSVConnPPInfo.test.py @@ -73,7 +73,9 @@ # plaintext HTTP tr = Test.AddTestRun() tr.TimeOut = 10 -tr.Processes.Default.Command = f"curl --haproxy-protocol --haproxy-clientip 1.2.3.4 'http://127.0.0.1:{ts.Variables.proxy_protocol_port}/httpbin/get'" +tr.Processes.Default.Command = ( + f"curl --haproxy-protocol --haproxy-clientip 1.2.3.4 " + f"'http://127.0.0.1:{ts.Variables.proxy_protocol_port}/httpbin/get'") tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.StartBefore(httpbin) tr.Processes.Default.StartBefore(Test.Processes.ts) @@ -84,7 +86,9 @@ # HTTPS tr = Test.AddTestRun() tr.TimeOut = 10 -tr.Processes.Default.Command = f"curl --haproxy-protocol --haproxy-clientip 5.6.7.8 -k 'https://127.0.0.1:{ts.Variables.proxy_protocol_ssl_port}/httpbin/get'" +tr.Processes.Default.Command = ( + f"curl --haproxy-protocol --haproxy-clientip 5.6.7.8 -k " + f"'https://127.0.0.1:{ts.Variables.proxy_protocol_ssl_port}/httpbin/get'") tr.Processes.Default.ReturnCode = 0 tr.Processes.Default.Streams.stdout = "test_TSVConnPPInfo_curl1.gold" tr.StillRunningAfter = httpbin @@ -95,7 +99,8 @@ tr.Processes.Default.ReturnCode = 0 f = tr.Disk.File(log_path) f.Content = "test_TSVConnPPInfo_plugin_log.gold" +# curl 8.20+ intentionally uses --haproxy-clientip for both PROXY addresses so the address family matches. f.Content += Testers.ContainsExpression( - "PP Info Received:V1,P2,T1,SRC1.2.3.4,DST127.0.0.1", "Expected information should be received") + r"PP Info Received:V1,P2,T1,SRC1\.2\.3\.4,DST(127\.0\.0\.1|1\.2\.3\.4)", "Expected information should be received") f.Content += Testers.ContainsExpression( - "PP Info Received:V1,P2,T1,SRC5.6.7.8,DST127.0.0.1", "Expected information should be received") + r"PP Info Received:V1,P2,T1,SRC5\.6\.7\.8,DST(127\.0\.0\.1|5\.6\.7\.8)", "Expected information should be received") diff --git a/tests/gold_tests/tls/tls_flow_control.test.py b/tests/gold_tests/tls/tls_flow_control.test.py index f1da9221825..4ff3886f6e2 100644 --- a/tests/gold_tests/tls/tls_flow_control.test.py +++ b/tests/gold_tests/tls/tls_flow_control.test.py @@ -70,13 +70,7 @@ def _configure_trafficserver(self) -> 'Process': TestTlsFlowControl._ts_counter += 1 ts.addDefaultSSLFiles() - ts.Disk.ssl_multicert_yaml.AddLines( - """ -ssl_multicert: - - dest_ip: "*" - ssl_cert_name: server.pem - ssl_key_name: server.key -""".split("\n")) + ts.Disk.ssl_multicert_config.AddLine('dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key') ts.Disk.remap_config.AddLine(f'map / http://127.0.0.1:{self._server.Variables.Port}') ts.Disk.records_config.update( { diff --git a/tests/gold_tests/tls/tls_record_size.test.py b/tests/gold_tests/tls/tls_record_size.test.py index b40c33a6fa5..da1960a30d1 100644 --- a/tests/gold_tests/tls/tls_record_size.test.py +++ b/tests/gold_tests/tls/tls_record_size.test.py @@ -75,13 +75,7 @@ def _configure_trafficserver(self) -> 'Process': TestRecordSizeClamp._ts_counter += 1 ts.addDefaultSSLFiles() - ts.Disk.ssl_multicert_yaml.AddLines( - """ -ssl_multicert: - - dest_ip: "*" - ssl_cert_name: server.pem - ssl_key_name: server.key -""".split("\n")) + ts.Disk.ssl_multicert_config.AddLine('dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key') ts.Disk.remap_config.AddLine(f'map / http://127.0.0.1:{self._server.Variables.Port}') ts.Disk.records_config.update( { diff --git a/tests/gold_tests/tls/tls_reload_under_load.test.py b/tests/gold_tests/tls/tls_reload_under_load.test.py index 1828da760d2..1726a112d72 100644 --- a/tests/gold_tests/tls/tls_reload_under_load.test.py +++ b/tests/gold_tests/tls/tls_reload_under_load.test.py @@ -1,6 +1,6 @@ ''' Existing cert/SNI reload tests reload while the server is idle. This one drives -continuous concurrent TLS handshakes and reloads ssl_multicert.yaml on top of +continuous concurrent TLS handshakes and reloads ssl_multicert.config on top of them, stressing the SSL/BIO ownership boundary of the layered TLS VConnection. The swapped-in certificate must take effect, every handshake must succeed, and ATS must not crash. @@ -51,13 +51,7 @@ def _configure_trafficserver(self) -> 'Process': ts.addSSLfile("ssl/signed-bar.key") ts.addSSLfile("ssl/signed2-bar.pem") - ts.Disk.ssl_multicert_yaml.AddLines( - """ -ssl_multicert: - - dest_ip: "*" - ssl_cert_name: signed-bar.pem - ssl_key_name: signed-bar.key -""".split("\n")) + ts.Disk.ssl_multicert_config.AddLine('dest_ip=* ssl_cert_name=signed-bar.pem ssl_key_name=signed-bar.key') ts.Disk.records_config.update( { 'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}', @@ -69,7 +63,7 @@ def _configure_trafficserver(self) -> 'Process': # The reload must actually have run (otherwise the test would be vacuous). ts.Disk.diags_log.Content = Testers.ContainsExpression( - "ssl_multicert.yaml finished loading", "the cert configuration must reload while load is in flight") + "ssl_multicert.config finished loading", "the cert configuration must reload while load is in flight") # The reload-under-load must not crash or trip an assertion / sanitizer. ts.Disk.traffic_out.Content = Testers.ExcludesExpression( "received signal|failed assertion", "ATS must not crash reloading certs under load") diff --git a/tests/gold_tests/tls/tls_renegotiation.test.py b/tests/gold_tests/tls/tls_renegotiation.test.py index 70fecc14df4..a65979bb232 100644 --- a/tests/gold_tests/tls/tls_renegotiation.test.py +++ b/tests/gold_tests/tls/tls_renegotiation.test.py @@ -61,13 +61,7 @@ def _configure_trafficserver(self) -> 'Process': ts.addSSLfile("ssl/server.pem") ts.addSSLfile("ssl/server.key") - ts.Disk.ssl_multicert_yaml.AddLines( - """ -ssl_multicert: - - dest_ip: "*" - ssl_cert_name: server.pem - ssl_key_name: server.key -""".split("\n")) + ts.Disk.ssl_multicert_config.AddLine('dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key') ts.Disk.records_config.update( { 'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}', diff --git a/tests/gold_tests/tls/tls_renegotiation_allowed.test.py b/tests/gold_tests/tls/tls_renegotiation_allowed.test.py index a5f58ff3581..c903bfcd0b8 100644 --- a/tests/gold_tests/tls/tls_renegotiation_allowed.test.py +++ b/tests/gold_tests/tls/tls_renegotiation_allowed.test.py @@ -83,13 +83,7 @@ def _configure_trafficserver(self) -> 'Process': ts.addSSLfile("ssl/server.pem") ts.addSSLfile("ssl/server.key") - ts.Disk.ssl_multicert_yaml.AddLines( - """ -ssl_multicert: - - dest_ip: "*" - ssl_cert_name: server.pem - ssl_key_name: server.key -""".split("\n")) + ts.Disk.ssl_multicert_config.AddLine('dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key') ts.Disk.records_config.update( { 'proxy.config.ssl.server.cert.path': f'{ts.Variables.SSLDir}',