upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-02-03 20:39:41 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 12
haproxy/reg-tests/ssl
History
William Lallemand 21b192e799
Some checks are pending
Contrib / build (push) Waiting to run
Details
alpine/musl / gcc (push) Waiting to run
Details
VTest / Generate Build Matrix (push) Waiting to run
Details
VTest / (push) Blocked by required conditions
Details
Windows / Windows, gcc, all features (push) Waiting to run
Details
REGTESTS: ssl: fix generate-certificates w/ LibreSSL 
Since commit eb5279b15 ("BUG/MEDIUM: ssl: fix generate-certificates
option when SNI greater than 64bytes") the LibreSSL job does not seem to
work anymore.

Indeed the reg-tests was modified to add a SNI longer than 64 bytes,
without any concern about the DNS standard, which allows only 63 bytes
per label.

LibreSSL is stricter than the other libraries about that, and checks
that the SNI is compliant with the DNS RFC in the
tlsext_sni_is_valid_hostname() function
https://github.com/libressl/openbsd/blob/OPENBSD_7_8/src/lib/libssl/ssl_tlsext.c#L710

This patch fixes the issue by splitting the SNI with a second label to
reach more than 64 bytes.

Must be backported with eb5279b15 in every stable branches.
2026-01-21 16:50:16 +01:00
..
certs REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
add_ssl_crt-list.vtc REGTESTS: quic: add_ssl_crt-list.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
add_ssl_crt-list.vtci REGTESTS: quic: add_ssl_crt-list.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
crt_store.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
del_ssl_crt-list.vtc REGTESTS: quic/ssl: ssl/del_ssl_crt-list.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
del_ssl_crt-list.vtci REGTESTS: quic/ssl: ssl/del_ssl_crt-list.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
dynamic_server_ssl.vtc REGTESTS: quic: dynamic_server_ssl.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
dynamic_server_ssl.vtci REGTESTS: quic: dynamic_server_ssl.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
issuers_chain_path.vtc REGTESTS: quic: issuers_chain_path.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
issuers_chain_path.vtci REGTESTS: quic: issuers_chain_path.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
log_forward_ssl.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
new_del_ssl_cafile.vtc REGTESTS: quic: new_del_ssl_cafile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
new_del_ssl_cafile.vtci REGTESTS: quic: new_del_ssl_cafile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
new_del_ssl_crlfile.vtc REGTESTS: quic: new_del_ssl_crlfile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
new_del_ssl_crlfile.vtci REGTESTS: quic: new_del_ssl_crlfile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ocsp_auto_update.vtc REGTESTS: quic: ocsp_auto_update.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ocsp_auto_update.vtci REGTESTS: quic: ocsp_auto_update.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ocsp_compat_check.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
README MINOR: reg-tests: Add a few regression testing files. 2018-06-20 10:03:24 +02:00
set_ssl_bug_2265.vtc REGTESTS: quic: set_ssl_bug_2265.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_bug_2265.vtci REGTESTS: quic: set_ssl_bug_2265.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_cafile.vtc REGTESTS: quic: set_ssl_cafile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_cafile.vtci REGTESTS: quic: set_ssl_cafile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_cert.vtc REGTESTS: quic: set_ssl_cert.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_cert.vtci REGTESTS: quic: set_ssl_cert.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_cert_bundle.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
set_ssl_cert_noext.vtc REGTESTS: quic: set_ssl_cert_noext.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_cert_noext.vtci REGTESTS: quic: set_ssl_cert_noext.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_crlfile.vtc REGTESTS: quic: set_ssl_crlfile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_crlfile.vtci REGTESTS: quic: set_ssl_crlfile.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_server_cert.vtc REGTESTS: quic: set_ssl_server_cert.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
set_ssl_server_cert.vtci REGTESTS: quic: set_ssl_server_cert.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
show_ssl_ocspresponse.vtc REGTESTS: quic: show_ssl_ocspresponse.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
show_ssl_ocspresponse.vtci REGTESTS: quic: show_ssl_ocspresponse.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl-0rtt.vtci REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
ssl_alpn.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
ssl_ciphersuites.vtc REGTESTS: add ssl_ciphersuites.vtc (TCP & QUIC) 2025-12-08 10:40:59 +01:00
ssl_ciphersuites.vtci CLEANUP: assorted typo fixes in the code, commits and doc 2025-12-25 19:45:29 +01:00
ssl_client_auth.vtc REGTESTS: quic: ssl_client_auth.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_client_auth.vtci REGTESTS: quic: ssl_client_auth.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_client_samples.vtc REGTESTS: quic: ssl_client_samples.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_client_samples.vtci REGTESTS: quic: ssl_client_samples.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_curve_name.vtc REGTESTS: quic: ssl_curve_name.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_curve_name.vtci REGTESTS: quic: ssl_curve_name.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_curves.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
ssl_curves_selection.vtc REGTESTS: quic/ssl: Add ssl_curves_selection.vtc 2025-12-08 10:40:59 +01:00
ssl_curves_selection.vtci CLEANUP: assorted typo fixes in the code, commits and doc 2025-12-25 19:45:29 +01:00
ssl_default_server.vtc REGTESTS: quic: ssl_default_server.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_default_server.vtci REGTESTS: quic: ssl_default_server.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_dh.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
ssl_errors.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
ssl_frontend_samples.vtc REGTESTS: quic: ssl_frontend_samples.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_frontend_samples.vtci REGTESTS: quic: ssl_frontend_samples.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_generate_certificate.vtc REGTESTS: ssl: fix generate-certificates w/ LibreSSL 2026-01-21 16:50:16 +01:00
ssl_reuse.vtci REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00
ssl_server_samples.vtc REGTESTS: quic: ssl_server_samples.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_server_samples.vtci REGTESTS: quic: ssl_server_samples.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_simple_crt-list.vtc REGTESTS: quic: ssl_simple_crt-list.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_simple_crt-list.vtci REGTESTS: quic: ssl_simple_crt-list.vtc supported by QUIC 2025-12-08 10:40:59 +01:00
ssl_sni_auto.vtc REGTESTS: quic: ssl_sni_auto.vtc code provision for QUIC 2025-12-08 10:40:59 +01:00
ssl_sni_auto.vtci REGTESTS: quic: ssl_sni_auto.vtc code provision for QUIC 2025-12-08 10:40:59 +01:00
tls12_0rtt_stateful.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls12_0rtt_stateless.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls12_resume_stateful.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls12_resume_stateless.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls12_ssl_crt-list_filters.vtc MINOR: ssl: Split ssl_crt-list_filters.vtc in two files by TLS version 2025-12-09 07:42:45 +01:00
tls13_0rtt_stateful.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls13_0rtt_stateless.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls13_resume_stateful.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls13_resume_stateless.vtc REGTESTS: ssl: split tls*_reuse in stateless and stateful resume tests 2025-12-04 15:05:56 +01:00
tls13_ssl_crt-list_filters.vtc REGTESTS: quic: tls13_ssl_crt-list_filters.vtc supported by QUIC 2025-12-09 07:42:45 +01:00
tls13_ssl_crt-list_filters.vtci REGTESTS: quic: tls13_ssl_crt-list_filters.vtc supported by QUIC 2025-12-09 07:42:45 +01:00
wrong_ctx_storage.vtc REGTESTS: ssl: Move all the SSL certificates, keys, crt-lists inside "certs" directory 2025-12-08 10:40:59 +01:00

README 

File list:
 - common.pem: PEM file which may be used by most of the VTC files.