Changeset 8a264b0 in mod_gnutls


Ignore:
Timestamp:
Mar 9, 2016, 10:13:58 AM (4 years ago)
Author:
Thomas Klute <thomas2.klute@…>
Branches:
debian/master
Children:
ea9c699
Parents:
02c8e54 (diff), f0923c4 (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.
Message:

Imported Upstream version 0.7.3

Files:
12 added
6 deleted
53 edited

Legend:

Unmodified
Added
Removed
  • CHANGELOG

    r02c8e54 r8a264b0  
    22- Handle Unclean Shutdowns
    33- make session cache use generic apache caches
     4
     5** Version 0.7.3 (2016-01-12)
     6- Update test suite for compatibility with GnuTLS 3.4, which has
     7  stricter key usage checks and priorities than 3.3.
     8- Write non-HTML output to mod_status reports if AP_STATUS_SHORT is
     9  set (mod_status sets it for requests with the "auto" parameter, e.g.
     10  https://localhost/server-status?auto).
     11- Register "ssl_is_https" function so the special mod_rewrite variable
     12  %{HTTPS} works correctly with mod_gnutls. The new test case for this
     13  requires Wget or curl. Fixes Debian bug #514005.
     14- Test suite servers listen on IPv4 *and* IPv6 loopback addresses by
     15  default (other addresses configurable), which should fix failures
     16  due to localhost randomly resolving to either on some distributions.
     17- Isolate tests using network namespaces, if possible. This avoids
     18  port conflicts with other test cases (so they can run in parallel)
     19  and host services.
     20- Support for local Apache drop-in config files in the test suite
     21  (e.g. to load additional modules needed on Fedora).
     22- Try to use markdown to build HTML documentation if pandoc is not
     23  available.
     24- Disable use of flock if it is unavailable or does not support
     25  timeouts (the latter caused the build to fail on Debian Hurd).
     26- New test: Disable TLS 1.0 (regression test for Debian bug #754960).
    427
    528** Version 0.7.2 (2015-11-21)
  • configure

    r02c8e54 r8a264b0  
    11#! /bin/sh
    22# Guess values for system-dependent variables and create Makefiles.
    3 # Generated by GNU Autoconf 2.69 for mod_gnutls 0.7.2.
     3# Generated by GNU Autoconf 2.69 for mod_gnutls 0.7.3.
    44#
    55#
     
    588588PACKAGE_NAME='mod_gnutls'
    589589PACKAGE_TARNAME='mod_gnutls'
    590 PACKAGE_VERSION='0.7.2'
    591 PACKAGE_STRING='mod_gnutls 0.7.2'
     590PACKAGE_VERSION='0.7.3'
     591PACKAGE_STRING='mod_gnutls 0.7.3'
    592592PACKAGE_BUGREPORT=''
    593593PACKAGE_URL=''
     
    634634LTLIBOBJS
    635635LIBOBJS
     636LISTEN_LIST
    636637TEST_IP
    637638TEST_HOST
    638639MODULE_LIBS
    639640MODULE_CFLAGS
     641HTTP_CLI
    640642APACHE2
     643USE_MARKDOWN_FALSE
     644USE_MARKDOWN_TRUE
    641645USE_PDFLATEX_FALSE
    642646USE_PDFLATEX_TRUE
    643647USE_PANDOC_FALSE
    644648USE_PANDOC_TRUE
     649MARKDOWN
    645650PDFLATEX
    646651PANDOC
     
    651656USE_MSVA_FALSE
    652657USE_MSVA_TRUE
     658PID_AFFIX
     659MUTEX_TYPE
     660ENABLE_NETNS_FALSE
     661ENABLE_NETNS_TRUE
     662UNSHARE
     663DISABLE_FLOCK_FALSE
     664DISABLE_FLOCK_TRUE
     665FLOCK
    653666LIBGNUTLS_LIBS
    654667LIBGNUTLS_CFLAGS
     
    819832enable_srp
    820833enable_strict
     834enable_flock
     835enable_test_namespaces
    821836enable_msva
    822837with_apu_config
     
    13781393  # This message is too long to be a string in the A/UX 3.1 sh.
    13791394  cat <<_ACEOF
    1380 \`configure' configures mod_gnutls 0.7.2 to adapt to many kinds of systems.
     1395\`configure' configures mod_gnutls 0.7.3 to adapt to many kinds of systems.
    13811396
    13821397Usage: $0 [OPTION]... [VAR=VALUE]...
     
    14491464if test -n "$ac_init_help"; then
    14501465  case $ac_init_help in
    1451      short | recursive ) echo "Configuration of mod_gnutls 0.7.2:";;
     1466     short | recursive ) echo "Configuration of mod_gnutls 0.7.3:";;
    14521467   esac
    14531468  cat <<\_ACEOF
     
    14761491  --disable-srp           unconditionally disable the SRP functionality
    14771492  --disable-strict        Avoid strict compiler warnings and errors
     1493  --disable-flock         Disable use of flock during tests (some exotic
     1494                          architectures don't support it)
     1495  --disable-test-namespaces
     1496                          Disable use of network namespaces to run tests in
     1497                          parallel (some architectures might not support it)
    14781498  --enable-msva           enable Monkeysphere client certificate verification
    14791499
     
    15091529              linker flags for LIBGNUTLS, overriding pkg-config
    15101530  TEST_HOST   Host name to use for server instances started by "make check",
    1511               must resolve to TEST_IP. The default is "localhost".
    1512   TEST_IP     IP address to use for server instances started by "make check".
    1513               The default is the IPv6 loopback address [::1].
     1531              must resolve to addresses in TEST_IP. The default is
     1532              "localhost".
     1533  TEST_IP     List of IP addresses to use for server instances started by
     1534              "make check". The default is "[::1] 127.0.0.1". Note that IPv6
     1535              addresses must be enclosed in square brackets.
    15141536
    15151537Use these variables to override the choices made by `configure' or to help
     
    15791601if $ac_init_version; then
    15801602  cat <<\_ACEOF
    1581 mod_gnutls configure 0.7.2
     1603mod_gnutls configure 0.7.3
    15821604generated by GNU Autoconf 2.69
    15831605
     
    19902012running configure, to aid debugging if configure makes a mistake.
    19912013
    1992 It was created by mod_gnutls $as_me 0.7.2, which was
     2014It was created by mod_gnutls $as_me 0.7.3, which was
    19932015generated by GNU Autoconf 2.69.  Invocation command line was
    19942016
     
    23562378  chmod +x config.nice
    23572379
    2358 MOD_GNUTLS_VERSION=0.7.2
     2380MOD_GNUTLS_VERSION=0.7.3
    23592381
    23602382
     
    30213043# Define the identity of the package.
    30223044 PACKAGE='mod_gnutls'
    3023  VERSION='0.7.2'
     3045 VERSION='0.7.3'
    30243046
    30253047
     
    1262112643$as_echo "$use_srp" >&6; }
    1262212644
     12645# Check whether --enable-flock was given.
     12646if test "${enable_flock+set}" = set; then :
     12647  enableval=$enable_flock; use_flock=$enableval
     12648else
     12649  use_flock=yes
     12650fi
     12651
     12652# Check if flock is available and supports --timeout
     12653# Extract the first word of "flock", so it can be a program name with args.
     12654set dummy flock; ac_word=$2
     12655{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
     12656$as_echo_n "checking for $ac_word... " >&6; }
     12657if ${ac_cv_path_FLOCK+:} false; then :
     12658  $as_echo_n "(cached) " >&6
     12659else
     12660  case $FLOCK in
     12661  [\\/]* | ?:[\\/]*)
     12662  ac_cv_path_FLOCK="$FLOCK" # Let the user override the test with a path.
     12663  ;;
     12664  *)
     12665  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
     12666for as_dir in $PATH
     12667do
     12668  IFS=$as_save_IFS
     12669  test -z "$as_dir" && as_dir=.
     12670    for ac_exec_ext in '' $ac_executable_extensions; do
     12671  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
     12672    ac_cv_path_FLOCK="$as_dir/$ac_word$ac_exec_ext"
     12673    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
     12674    break 2
     12675  fi
     12676done
     12677  done
     12678IFS=$as_save_IFS
     12679
     12680  test -z "$ac_cv_path_FLOCK" && ac_cv_path_FLOCK="no"
     12681  ;;
     12682esac
     12683fi
     12684FLOCK=$ac_cv_path_FLOCK
     12685if test -n "$FLOCK"; then
     12686  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $FLOCK" >&5
     12687$as_echo "$FLOCK" >&6; }
     12688else
     12689  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
     12690$as_echo "no" >&6; }
     12691fi
     12692
     12693
     12694if test "${FLOCK}" != "no"; then :
     12695
     12696        { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${FLOCK} supports --timeout" >&5
     12697$as_echo_n "checking whether ${FLOCK} supports --timeout... " >&6; }
     12698        lockfile="$(mktemp)"
     12699        if ${FLOCK} --timeout 1 ${lockfile} true >&5 2>&1; then :
     12700  flock_works="yes"
     12701else
     12702  flock_works="no"
     12703fi
     12704        rm "${lockfile}"
     12705        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $flock_works" >&5
     12706$as_echo "$flock_works" >&6; }
     12707
     12708else
     12709  flock_works="no"
     12710fi
     12711# disable flock if requested by user or it doesn't support timeout
     12712 if test "$enable_flock" = "no" || test "$flock_works" = "no"; then
     12713  DISABLE_FLOCK_TRUE=
     12714  DISABLE_FLOCK_FALSE='#'
     12715else
     12716  DISABLE_FLOCK_TRUE='#'
     12717  DISABLE_FLOCK_FALSE=
     12718fi
     12719
     12720
     12721# Check whether --enable-test-namespaces was given.
     12722if test "${enable_test_namespaces+set}" = set; then :
     12723  enableval=$enable_test_namespaces; use_netns=$enableval
     12724else
     12725  use_netns=yes
     12726fi
     12727
     12728
     12729# Check if "unshare" is available and has permission to create network
     12730# and user namespaces
     12731# Extract the first word of "unshare", so it can be a program name with args.
     12732set dummy unshare; ac_word=$2
     12733{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
     12734$as_echo_n "checking for $ac_word... " >&6; }
     12735if ${ac_cv_path_UNSHARE+:} false; then :
     12736  $as_echo_n "(cached) " >&6
     12737else
     12738  case $UNSHARE in
     12739  [\\/]* | ?:[\\/]*)
     12740  ac_cv_path_UNSHARE="$UNSHARE" # Let the user override the test with a path.
     12741  ;;
     12742  *)
     12743  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
     12744for as_dir in $PATH
     12745do
     12746  IFS=$as_save_IFS
     12747  test -z "$as_dir" && as_dir=.
     12748    for ac_exec_ext in '' $ac_executable_extensions; do
     12749  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
     12750    ac_cv_path_UNSHARE="$as_dir/$ac_word$ac_exec_ext"
     12751    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
     12752    break 2
     12753  fi
     12754done
     12755  done
     12756IFS=$as_save_IFS
     12757
     12758  test -z "$ac_cv_path_UNSHARE" && ac_cv_path_UNSHARE="no"
     12759  ;;
     12760esac
     12761fi
     12762UNSHARE=$ac_cv_path_UNSHARE
     12763if test -n "$UNSHARE"; then
     12764  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $UNSHARE" >&5
     12765$as_echo "$UNSHARE" >&6; }
     12766else
     12767  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
     12768$as_echo "no" >&6; }
     12769fi
     12770
     12771
     12772if test "${UNSHARE}" != "no"; then :
     12773
     12774        { $as_echo "$as_me:${as_lineno-$LINENO}: checking for permission to create network and user namespaces" >&5
     12775$as_echo_n "checking for permission to create network and user namespaces... " >&6; }
     12776        if ${UNSHARE} --net -r /bin/sh -c \
     12777                "ip link set up lo && ip addr show" >&5 2>&1; then :
     12778  unshare_works="yes"
     12779else
     12780  unshare_works="no"
     12781fi
     12782        { $as_echo "$as_me:${as_lineno-$LINENO}: result: $unshare_works" >&5
     12783$as_echo "$unshare_works" >&6; }
     12784
     12785else
     12786  unshare_works="no"
     12787fi
     12788# decide whether to enable network namespaces
     12789if test "$enable_test_namespaces" != "no" \
     12790            && test "$unshare_works" = "yes"; then :
     12791  use_netns="yes"
     12792else
     12793  use_netns="no"
     12794fi
     12795 if test "$use_netns" != "no"; then
     12796  ENABLE_NETNS_TRUE=
     12797  ENABLE_NETNS_FALSE='#'
     12798else
     12799  ENABLE_NETNS_TRUE='#'
     12800  ENABLE_NETNS_FALSE=
     12801fi
     12802
     12803# Adjust Apache configuration for tests accordingly: Use pthread mutex
     12804# and test specific PID files if using namespaces, defaults otherwise.
     12805if test "$use_netns" = "yes"; then :
     12806  MUTEX_TYPE="pthread"; PID_AFFIX="-\${TEST_NAME}"
     12807else
     12808  MUTEX_TYPE="default"; PID_AFFIX=""
     12809fi
     12810
     12811
     12812
     12813
     12814
    1262312815# Check whether --enable-msva was given.
    1262412816if test "${enable_msva+set}" = set; then :
     
    1294413136                build_doc="html only"
    1294513137        fi
     13138else
     13139        # Extract the first word of "markdown", so it can be a program name with args.
     13140set dummy markdown; ac_word=$2
     13141{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
     13142$as_echo_n "checking for $ac_word... " >&6; }
     13143if ${ac_cv_path_MARKDOWN+:} false; then :
     13144  $as_echo_n "(cached) " >&6
     13145else
     13146  case $MARKDOWN in
     13147  [\\/]* | ?:[\\/]*)
     13148  ac_cv_path_MARKDOWN="$MARKDOWN" # Let the user override the test with a path.
     13149  ;;
     13150  *)
     13151  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
     13152for as_dir in $PATH
     13153do
     13154  IFS=$as_save_IFS
     13155  test -z "$as_dir" && as_dir=.
     13156    for ac_exec_ext in '' $ac_executable_extensions; do
     13157  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
     13158    ac_cv_path_MARKDOWN="$as_dir/$ac_word$ac_exec_ext"
     13159    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
     13160    break 2
     13161  fi
     13162done
     13163  done
     13164IFS=$as_save_IFS
     13165
     13166  test -z "$ac_cv_path_MARKDOWN" && ac_cv_path_MARKDOWN="no"
     13167  ;;
     13168esac
     13169fi
     13170MARKDOWN=$ac_cv_path_MARKDOWN
     13171if test -n "$MARKDOWN"; then
     13172  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MARKDOWN" >&5
     13173$as_echo "$MARKDOWN" >&6; }
     13174else
     13175  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
     13176$as_echo "no" >&6; }
     13177fi
     13178
     13179
     13180        if test "$MARKDOWN" != "no"; then
     13181                build_doc="html stub"
     13182        fi
    1294613183fi
    1294713184 if test "$PANDOC" != "no"; then
     
    1296013197  USE_PDFLATEX_TRUE='#'
    1296113198  USE_PDFLATEX_FALSE=
     13199fi
     13200
     13201 if test -n "$MARKDOWN" && \
     13202                               test "$MARKDOWN" != "no"; then
     13203  USE_MARKDOWN_TRUE=
     13204  USE_MARKDOWN_FALSE='#'
     13205else
     13206  USE_MARKDOWN_TRUE='#'
     13207  USE_MARKDOWN_FALSE=
    1296213208fi
    1296313209
     
    1301813264fi
    1301913265
     13266for ac_prog in curl wget
     13267do
     13268  # Extract the first word of "$ac_prog", so it can be a program name with args.
     13269set dummy $ac_prog; ac_word=$2
     13270{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
     13271$as_echo_n "checking for $ac_word... " >&6; }
     13272if ${ac_cv_path_HTTP_CLI+:} false; then :
     13273  $as_echo_n "(cached) " >&6
     13274else
     13275  case $HTTP_CLI in
     13276  [\\/]* | ?:[\\/]*)
     13277  ac_cv_path_HTTP_CLI="$HTTP_CLI" # Let the user override the test with a path.
     13278  ;;
     13279  *)
     13280  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
     13281for as_dir in $PATH
     13282do
     13283  IFS=$as_save_IFS
     13284  test -z "$as_dir" && as_dir=.
     13285    for ac_exec_ext in '' $ac_executable_extensions; do
     13286  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
     13287    ac_cv_path_HTTP_CLI="$as_dir/$ac_word$ac_exec_ext"
     13288    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
     13289    break 2
     13290  fi
     13291done
     13292  done
     13293IFS=$as_save_IFS
     13294
     13295  ;;
     13296esac
     13297fi
     13298HTTP_CLI=$ac_cv_path_HTTP_CLI
     13299if test -n "$HTTP_CLI"; then
     13300  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HTTP_CLI" >&5
     13301$as_echo "$HTTP_CLI" >&6; }
     13302else
     13303  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
     13304$as_echo "no" >&6; }
     13305fi
     13306
     13307
     13308  test -n "$HTTP_CLI" && break
     13309done
     13310test -n "$HTTP_CLI" || HTTP_CLI="no"
     13311
     13312
    1302013313MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
    1302113314MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
     
    1302613319# assign default values to TEST_HOST and TEST_IP if necessary
    1302713320: ${TEST_HOST:="localhost"}
    13028 : ${TEST_IP:="::1"}
    13029 
    13030 
    13031 
    13032 ac_config_files="$ac_config_files Makefile src/Makefile test/Makefile test/tests/Makefile doc/Makefile include/mod_gnutls.h"
     13321: ${TEST_IP:="[::1] 127.0.0.1"}
     13322
     13323
     13324
     13325
     13326LISTEN_LIST="# Listen addresses for the test servers"
     13327for i in ${TEST_IP}; do
     13328        LISTEN_LIST="${LISTEN_LIST}
     13329Listen ${i}:\${TEST_PORT}"
     13330done
     13331LISTEN_LIST="${LISTEN_LIST}
     13332<IfDefine TEST_HTTP_PORT>"
     13333for i in ${TEST_IP}; do
     13334        LISTEN_LIST="${LISTEN_LIST}
     13335        Listen ${i}:\${TEST_HTTP_PORT}"
     13336done
     13337LISTEN_LIST="${LISTEN_LIST}
     13338</IfDefine>"
     13339
     13340
     13341
     13342ac_config_files="$ac_config_files Makefile src/Makefile test/Makefile test/tests/Makefile doc/Makefile include/mod_gnutls.h test/proxy_backend.conf test/apache-conf/listen.conf test/apache-conf/netns.conf"
    1303313343
    1303413344cat >confcache <<\_ACEOF
     
    1316813478Usually this means the macro was only invoked conditionally." "$LINENO" 5
    1316913479fi
     13480if test -z "${DISABLE_FLOCK_TRUE}" && test -z "${DISABLE_FLOCK_FALSE}"; then
     13481  as_fn_error $? "conditional \"DISABLE_FLOCK\" was never defined.
     13482Usually this means the macro was only invoked conditionally." "$LINENO" 5
     13483fi
     13484if test -z "${ENABLE_NETNS_TRUE}" && test -z "${ENABLE_NETNS_FALSE}"; then
     13485  as_fn_error $? "conditional \"ENABLE_NETNS\" was never defined.
     13486Usually this means the macro was only invoked conditionally." "$LINENO" 5
     13487fi
    1317013488if test -z "${USE_MSVA_TRUE}" && test -z "${USE_MSVA_FALSE}"; then
    1317113489  as_fn_error $? "conditional \"USE_MSVA\" was never defined.
     
    1317813496if test -z "${USE_PDFLATEX_TRUE}" && test -z "${USE_PDFLATEX_FALSE}"; then
    1317913497  as_fn_error $? "conditional \"USE_PDFLATEX\" was never defined.
     13498Usually this means the macro was only invoked conditionally." "$LINENO" 5
     13499fi
     13500if test -z "${USE_MARKDOWN_TRUE}" && test -z "${USE_MARKDOWN_FALSE}"; then
     13501  as_fn_error $? "conditional \"USE_MARKDOWN\" was never defined.
    1318013502Usually this means the macro was only invoked conditionally." "$LINENO" 5
    1318113503fi
     
    1357713899# values after options handling.
    1357813900ac_log="
    13579 This file was extended by mod_gnutls $as_me 0.7.2, which was
     13901This file was extended by mod_gnutls $as_me 0.7.3, which was
    1358013902generated by GNU Autoconf 2.69.  Invocation command line was
    1358113903
     
    1364313965ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
    1364413966ac_cs_version="\\
    13645 mod_gnutls config.status 0.7.2
     13967mod_gnutls config.status 0.7.3
    1364613968configured by $0, generated by GNU Autoconf 2.69,
    1364713969  with options \\"\$ac_cs_config\\"
     
    1405814380    "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;;
    1405914381    "include/mod_gnutls.h") CONFIG_FILES="$CONFIG_FILES include/mod_gnutls.h" ;;
     14382    "test/proxy_backend.conf") CONFIG_FILES="$CONFIG_FILES test/proxy_backend.conf" ;;
     14383    "test/apache-conf/listen.conf") CONFIG_FILES="$CONFIG_FILES test/apache-conf/listen.conf" ;;
     14384    "test/apache-conf/netns.conf") CONFIG_FILES="$CONFIG_FILES test/apache-conf/netns.conf" ;;
    1406014385
    1406114386  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
  • configure.ac

    r02c8e54 r8a264b0  
    11dnl
    2 AC_INIT(mod_gnutls, 0.7.2)
     2AC_INIT(mod_gnutls, 0.7.3)
    33OOO_CONFIG_NICE(config.nice)
    44MOD_GNUTLS_VERSION=AC_PACKAGE_VERSION
     
    5959AC_MSG_CHECKING([whether to enable SRP functionality])
    6060AC_MSG_RESULT($use_srp)
     61
     62dnl Optionally disable flock
     63AC_ARG_ENABLE(flock,
     64        AS_HELP_STRING([--disable-flock], [Disable use of flock during tests \
     65        (some exotic architectures don't support it)]),
     66        [use_flock=$enableval], [use_flock=yes])
     67# Check if flock is available and supports --timeout
     68AC_PATH_PROG([FLOCK], [flock], [no])
     69AS_IF([test "${FLOCK}" != "no"],
     70      [
     71        AC_MSG_CHECKING([whether ${FLOCK} supports --timeout])
     72        lockfile="$(mktemp)"
     73        AS_IF([${FLOCK} --timeout 1 ${lockfile} true >&AS_MESSAGE_LOG_FD 2>&1],
     74              [flock_works="yes"], [flock_works="no"])
     75        rm "${lockfile}"
     76        AC_MSG_RESULT([$flock_works])
     77      ],
     78      [flock_works="no"])
     79# disable flock if requested by user or it doesn't support timeout
     80AM_CONDITIONAL([DISABLE_FLOCK],
     81               [test "$enable_flock" = "no" || test "$flock_works" = "no"])
     82
     83dnl Enable test namespaces? Default is "yes".
     84AC_ARG_ENABLE(test-namespaces,
     85        AS_HELP_STRING([--disable-test-namespaces], [Disable use of network \
     86        namespaces to run tests in parallel (some architectures might not \
     87        support it)]),
     88        [use_netns=$enableval], [use_netns=yes])
     89
     90# Check if "unshare" is available and has permission to create network
     91# and user namespaces
     92AC_PATH_PROG([UNSHARE], [unshare], [no])
     93AS_IF([test "${UNSHARE}" != "no"],
     94      [
     95        AC_MSG_CHECKING([for permission to create network and user namespaces])
     96        AS_IF([${UNSHARE} --net -r /bin/sh -c \
     97                "ip link set up lo && ip addr show" >&AS_MESSAGE_LOG_FD 2>&1],
     98              [unshare_works="yes"], [unshare_works="no"])
     99        AC_MSG_RESULT([$unshare_works])
     100      ],
     101      [unshare_works="no"])
     102# decide whether to enable network namespaces
     103AS_IF([test "$enable_test_namespaces" != "no" \
     104            && test "$unshare_works" = "yes"],
     105      [use_netns="yes"], [use_netns="no"])
     106AM_CONDITIONAL([ENABLE_NETNS], [test "$use_netns" != "no"])
     107# Adjust Apache configuration for tests accordingly: Use pthread mutex
     108# and test specific PID files if using namespaces, defaults otherwise.
     109AS_IF([test "$use_netns" = "yes"],
     110      [MUTEX_TYPE="pthread"; PID_AFFIX="-\${TEST_NAME}"],
     111      [MUTEX_TYPE="default"; PID_AFFIX=""])
     112AC_SUBST(MUTEX_TYPE)
     113AC_SUBST(PID_AFFIX)
     114AM_SUBST_NOTMAKE(MUTEX_TYPE)
     115AM_SUBST_NOTMAKE(PID_AFFIX)
    61116
    62117AC_ARG_ENABLE(msva,
     
    93148                build_doc="html only"
    94149        fi
     150else
     151        AC_PATH_PROG([MARKDOWN], [markdown], [no])
     152        if test "$MARKDOWN" != "no"; then
     153                build_doc="html stub"
     154        fi
    95155fi
    96156AM_CONDITIONAL([USE_PANDOC], [test "$PANDOC" != "no"])
    97157AM_CONDITIONAL([USE_PDFLATEX], [test "$PANDOC" != "no" && \
    98158                               test "$PDFLATEX" != "no"])
     159AM_CONDITIONAL([USE_MARKDOWN], [test -n "$MARKDOWN" && \
     160                               test "$MARKDOWN" != "no"])
    99161
    100162# Check for Apache binary
     
    105167fi
    106168
     169AC_PATH_PROGS([HTTP_CLI], [curl wget], [no])
     170
    107171MODULE_CFLAGS="${LIBGNUTLS_CFLAGS} ${SRP_CFLAGS} ${MSVA_CFLAGS} ${APR_MEMCACHE_CFLAGS} ${APXS_CFLAGS} ${AP_INCLUDES} ${APR_INCLUDES} ${APU_INCLUDES} ${STRICT_CFLAGS}"
    108172MODULE_LIBS="${APR_MEMCACHE_LIBS} ${LIBGNUTLS_LIBS}"
     
    113177# assign default values to TEST_HOST and TEST_IP if necessary
    114178: ${TEST_HOST:="localhost"}
    115 : ${TEST_IP:="[::1]"}
     179: ${TEST_IP:="[[::1]] 127.0.0.1"}
    116180AC_ARG_VAR([TEST_HOST], [Host name to use for server instances started by \
    117                         "make check", must resolve to TEST_IP. The default \
    118                         is "localhost".])
    119 AC_ARG_VAR([TEST_IP], [IP address to use for server instances started by \
    120                       "make check". The default is the IPv6 loopback address \
    121                       [::1].])
     181                        "make check", must resolve to addresses in TEST_IP. \
     182                        The default is "localhost".])
     183AC_ARG_VAR([TEST_IP], [List of IP addresses to use for server instances \
     184                      started by "make check". The default is \
     185                      "[::1] 127.0.0.1". Note that IPv6 addresses must be \
     186                      enclosed in square brackets.])
     187AM_SUBST_NOTMAKE(TEST_IP)
     188
     189dnl Build list of "Listen" statements for Apache
     190LISTEN_LIST="# Listen addresses for the test servers"
     191for i in ${TEST_IP}; do
     192        LISTEN_LIST="${LISTEN_LIST}
     193Listen ${i}:\${TEST_PORT}"
     194done
     195dnl HTTP ports, only active if TEST_HTTP_PORT is defined
     196LISTEN_LIST="${LISTEN_LIST}
     197<IfDefine TEST_HTTP_PORT>"
     198for i in ${TEST_IP}; do
     199        LISTEN_LIST="${LISTEN_LIST}
     200        Listen ${i}:\${TEST_HTTP_PORT}"
     201done
     202LISTEN_LIST="${LISTEN_LIST}
     203</IfDefine>"
     204AC_SUBST(LISTEN_LIST)
     205AM_SUBST_NOTMAKE(LISTEN_LIST)
    122206
    123207AC_CONFIG_FILES([Makefile src/Makefile test/Makefile test/tests/Makefile \
    124                           doc/Makefile include/mod_gnutls.h])
     208                        doc/Makefile include/mod_gnutls.h \
     209                        test/proxy_backend.conf \
     210                        test/apache-conf/listen.conf \
     211                        test/apache-conf/netns.conf])
    125212AC_OUTPUT
    126213
  • doc/Makefile.am

    r02c8e54 r8a264b0  
    33if USE_PANDOC
    44html_DATA = mod_gnutls_manual.html
    5 endif
    6 # pandoc needs pdflatex for PDF output, so USE_PDFLATEX will only be
    7 # enabled if USE_PANDOC is, too.
    85if USE_PDFLATEX
     6# pandoc && pdflatex
    97pdf_DATA = mod_gnutls_manual.pdf
    108endif
     9else
     10if USE_MARKDOWN
     11# !pandoc && markdown
     12html_DATA = mod_gnutls_manual.html
     13endif
     14endif
     15
    1116MOSTLYCLEANFILES = $(html_DATA) $(pdf_DATA)
    1217
     18# pdf_DATA will be empty if pandoc isn't available
    1319$(html_DATA) $(pdf_DATA): mod_gnutls_manual.mdwn
     20if USE_PANDOC
    1421        $(PANDOC) --toc --standalone -f markdown -o $@ $<
     22else
     23if USE_MARKDOWN
     24        $(MARKDOWN) $< > $@
     25endif
     26endif
  • doc/mod_gnutls_manual.mdwn

    r02c8e54 r8a264b0  
    3131:   Provides a list of all available configure options.
    3232
    33 It is recommended to run `make check` before installation. If
    34 `localhost` does not resolve to the IPv6 loopback address `[::1]` on
    35 your system, you may have to set the `TEST_HOST` or `TEST_IP`
     33It is recommended to run `make check` before installation. If your
     34system doesn't have a loopback device with IPv6 and IPv4 support or
     35`localhost` does not resolve to at least one of `[::1]` and
     36`127.0.0.1`, you may have to set the `TEST_HOST` or `TEST_IP`
    3637environment variables when running `./configure` to make the test
    3738suite work correctly.
  • src/gnutls_hooks.c

    r02c8e54 r8a264b0  
    44 *  Copyright 2011 Dash Shendy
    55 *  Copyright 2013-2014 Daniel Kahn Gillmor
    6  *  Copyright 2015 Thomas Klute
     6 *  Copyright 2015-2016 Thomas Klute
    77 *
    88 *  Licensed under the Apache License, Version 2.0 (the "License");
     
    16551655#endif /* ENABLE_MSVA */
    16561656
    1657 static int mgs_status_hook(request_rec *r, int flags __attribute__((unused)))
     1657
     1658
     1659/*
     1660 * This hook writes the mod_gnutls status message for a mod_status
     1661 * report. According to the comments in mod_status.h, the "flags"
     1662 * parameter is a bitwise OR of the AP_STATUS_ flags.
     1663 *
     1664 * Note that this implementation gives flags explicitly requesting a
     1665 * simple response priority, e.g. if AP_STATUS_SHORT is set, flags
     1666 * requesting an HTML report will be ignored. As of Apache 2.4.10, the
     1667 * following flags were defined in mod_status.h:
     1668 *
     1669 * AP_STATUS_SHORT (short, non-HTML report requested)
     1670 * AP_STATUS_NOTABLE (HTML report without tables)
     1671 * AP_STATUS_EXTENDED (detailed report)
     1672 */
     1673static int mgs_status_hook(request_rec *r, int flags)
    16581674{
    1659     mgs_srvconf_rec *sc;
    1660 
    16611675    if (r == NULL)
    16621676        return OK;
    16631677
    1664     sc = (mgs_srvconf_rec *) ap_get_module_config(r->server->module_config, &gnutls_module);
     1678    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
     1679        ap_get_module_config(r->server->module_config, &gnutls_module);
    16651680
    16661681    _gnutls_log(debug_log_fp, "%s: %d\n", __func__, __LINE__);
    16671682
    1668     ap_rputs("<hr>\n", r);
    1669     ap_rputs("<h2>GnuTLS Information:</h2>\n<dl>\n", r);
    1670 
    1671     ap_rprintf(r, "<dt>GnuTLS version:</dt><dd>%s</dd>\n", gnutls_check_version(NULL));
    1672     ap_rputs("<dt>Built against:</dt><dd>" GNUTLS_VERSION "</dd>\n", r);
    1673     ap_rprintf(r, "<dt>using TLS:</dt><dd>%s</dd>\n", (sc->enabled == GNUTLS_ENABLED_FALSE ? "no" : "yes"));
    1674     if (sc->enabled != GNUTLS_ENABLED_FALSE) {
    1675         mgs_handle_t* ctxt;
    1676         ctxt = ap_get_module_config(r->connection->conn_config, &gnutls_module);
    1677         if (ctxt && ctxt->session != NULL) {
    1678 #if GNUTLS_VERSION_MAJOR < 3
    1679             ap_rprintf(r, "<dt>This TLS Session:</dt><dd>%s</dd>\n",
    1680                 gnutls_cipher_suite_get_name(gnutls_kx_get(ctxt->session),
    1681                 gnutls_cipher_get(ctxt->session),
    1682                 gnutls_mac_get(ctxt->session)));
    1683 #else
    1684             char* z = NULL;
    1685             z = gnutls_session_get_desc(ctxt->session);
    1686             if (z) {
    1687                 ap_rprintf(r, "<dt>This TLS Session:</dt><dd>%s</dd>\n", z);
    1688                 gnutls_free(z);
     1683    if (flags & AP_STATUS_SHORT)
     1684    {
     1685        ap_rprintf(r, "Using GnuTLS version: %s\n", gnutls_check_version(NULL));
     1686        ap_rputs("Built against GnuTLS version: " GNUTLS_VERSION "\n", r);
     1687    }
     1688    else
     1689    {
     1690        ap_rputs("<hr>\n", r);
     1691        ap_rputs("<h2>GnuTLS Information:</h2>\n<dl>\n", r);
     1692
     1693        ap_rprintf(r, "<dt>Using GnuTLS version:</dt><dd>%s</dd>\n",
     1694                   gnutls_check_version(NULL));
     1695        ap_rputs("<dt>Built against GnuTLS version:</dt><dd>"
     1696                 GNUTLS_VERSION "</dd>\n", r);
     1697        ap_rprintf(r, "<dt>Using TLS:</dt><dd>%s</dd>\n",
     1698                   (sc->enabled == GNUTLS_ENABLED_FALSE ? "no" : "yes"));
     1699    }
     1700
     1701    if (sc->enabled != GNUTLS_ENABLED_FALSE)
     1702    {
     1703        mgs_handle_t* ctxt =
     1704            ap_get_module_config(r->connection->conn_config, &gnutls_module);
     1705        if (ctxt && ctxt->session != NULL)
     1706        {
     1707            char* s_info = gnutls_session_get_desc(ctxt->session);
     1708            if (s_info)
     1709            {
     1710                if (flags & AP_STATUS_SHORT)
     1711                    ap_rprintf(r, "Current TLS session: %s\n", s_info);
     1712                else
     1713                    ap_rprintf(r, "<dt>Current TLS session:</dt><dd>%s</dd>\n",
     1714                               s_info);
     1715                gnutls_free(s_info);
    16891716            }
    1690 #endif
    1691         }
    1692     }
    1693 
    1694     ap_rputs("</dl>\n", r);
     1717        }
     1718    }
     1719
     1720    if (!(flags & AP_STATUS_SHORT))
     1721        ap_rputs("</dl>\n", r);
     1722
    16951723    return OK;
    16961724}
  • src/mod_gnutls.c

    r02c8e54 r8a264b0  
    6969    APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
    7070    APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
    71 }
    72 
     71
     72    /* mod_rewrite calls this function to detect HTTPS */
     73    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
     74}
     75
     76
     77
     78/*
     79 * mod_rewrite calls this function to fill %{HTTPS}. A non-zero return
     80 * value means that HTTPS is in use.
     81 */
    7382int ssl_is_https(conn_rec *c)
    7483{
    7584    mgs_srvconf_rec *sc = (mgs_srvconf_rec *)
    7685        ap_get_module_config(c->base_server->module_config, &gnutls_module);
    77     if(sc->enabled == 0 || sc->non_ssl_request == 1) {
     86    mgs_handle_t *ctxt = (mgs_handle_t *)
     87        ap_get_module_config(c->conn_config, &gnutls_module);
     88
     89    if(sc->enabled == GNUTLS_ENABLED_FALSE
     90       || ctxt == NULL
     91       || ctxt->enabled == GNUTLS_ENABLED_FALSE)
     92    {
    7893        /* SSL/TLS Disabled or Plain HTTP Connection Detected */
    7994        return 0;
     
    8297    return 1;
    8398}
     99
     100
    84101
    85102int ssl_engine_disable(conn_rec *c)
  • test/Makefile.am

    r02c8e54 r8a264b0  
    2727        test-22_TLS_reverse_proxy_crl_revoke.bash \
    2828        test-23_TLS_reverse_proxy_mismatched_priorities.bash \
    29         test-24_pkcs11_cert.bash
     29        test-24_pkcs11_cert.bash \
     30        test-25_Disable_TLS_1.0.bash \
     31        test-26_redirect_HTTP_to_HTTPS.bash
    3032
    3133TESTS = $(dist_check_SCRIPTS)
     
    3335# Identities in the miniature CA, server, and client environment for
    3436# the test suite
    35 identities = server authority client imposter rogueca
     37shared_identities = server authority client imposter rogueca
     38pgp_identities = $(shared_identities)
     39x509_only_identities = rogueclient
     40x509_identities = $(shared_identities) $(x509_only_identities)
     41identities = $(shared_identities) $(x509_only_identities)
    3642# Append strings after ":=" to each identity to generate a list of
    3743# necessary files
    38 pgp_tokens = $(identities:=/secring.gpg) $(identities:=/cert.pgp) \
    39         $(identities:=/secret.pgp)
    40 x509_keys = $(identities:=/secret.key)
    41 x509_certs = $(identities:=/x509.pem)
     44pgp_tokens = $(pgp_identities:=/secring.gpg) $(pgp_identities:=/cert.pgp) \
     45        $(pgp_identities:=/secret.pgp)
     46x509_keys = $(x509_identities:=/secret.key)
     47x509_certs = $(x509_identities:=/x509.pem)
    4248x509_tokens = $(x509_certs) $(x509_keys)
    4349tokens = $(x509_tokens) $(pgp_tokens)
     50
     51if !DISABLE_FLOCK
     52# flock command for write access to the authority keyring
     53GPG_FLOCK = $(FLOCK) authority/lock
     54endif
    4455
    4556include $(srcdir)/test_ca.mk
     
    6071
    6172cert_templates = authority.template.in client.template.in \
    62         imposter.template.in rogueca.template server.template.in
     73        imposter.template.in rogueca.template rogueclient.template.in \
     74        server.template.in
    6375generated_templates = authority.template client.template \
    64         imposter.template server.template
     76        imposter.template rogueclient.template server.template
    6577
    6678# Delete X.509 private keys on full clean. Note that unless you need
     
    7284# target. Certificates can be rebuilt without generating new key
    7385# pairs, and regenerating them makes it possible to change identities
    74 # (e.g. host names) without wasting entropy on new keys (which would
     86# (e.g. host names) without wasting time on new keys (which would
    7587# happen after "clean").
    7688MOSTLYCLEANFILES += */x509.pem $(generated_templates) *.uid
     
    122134apache_data = base_apache.conf cgi_module.conf data/* mime.types proxy_mods.conf
    123135
    124 EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in proxy_backend.bash \
    125         runtests server-crl.template server-softhsm.conf softhsm.bash
     136EXTRA_DIST = $(apache_data) $(cert_templates) *.uid.in common.bash \
     137        proxy_backend.bash runtests server-crl.template server-softhsm.conf \
     138        softhsm.bash
    126139
    127140# Lockfile for the main Apache process
    128141test_lockfile = ./test.lock
    129 # Maximum wait time in seconds for flock to aquire instance lock files
     142# Lockfile for the proxy backend Apache process (if any)
     143backend_lockfile = ./backend.lock
     144# Maximum wait time in seconds for flock to aquire instance lock
     145# files, or Apache to remove its PID file
    130146lock_wait = 30
    131147
     
    143159AM_TESTS_ENVIRONMENT = export APACHE2=$(APACHE2); \
    144160        export AP_LIBEXECDIR=$(AP_LIBEXECDIR); \
    145         export TEST_LOCK="$(test_lockfile)"; \
    146161        export TEST_LOCK_WAIT="$(lock_wait)"; \
    147162        export TEST_HOST="$(TEST_HOST)"; \
    148         export TEST_IP="$(TEST_IP)"; \
    149163        export TEST_PORT="$(TEST_PORT)"; \
    150164        export MSVA_PORT="$(MSVA_PORT)"; \
     
    153167        export TEST_QUERY_DELAY="$(TEST_QUERY_DELAY)"; \
    154168        export BACKEND_HOST="$(TEST_HOST)"; \
    155         export BACKEND_IP="$(TEST_IP)";
     169        export HTTP_CLI="@HTTP_CLI@";
     170
     171if ENABLE_NETNS
     172AM_TESTS_ENVIRONMENT += export UNSHARE="$(UNSHARE)"; \
     173        export USE_TEST_NAMESPACE=1;
     174endif
     175# Without flock tests must not run in parallel. Otherwise set lock files.
     176if DISABLE_FLOCK
     177.NOTPARALLEL:
     178else
     179AM_TESTS_ENVIRONMENT += export FLOCK="$(FLOCK)"; \
     180        export TEST_LOCK="$(test_lockfile)"; \
     181        export BACKEND_LOCK="$(backend_lockfile)";
     182endif
    156183
    157184# Echo AM_TESTS_ENVIRONMENT. This can be useful for debugging, e.g. if
  • test/README

    r02c8e54 r8a264b0  
    1212=================
    1313
    14 from the top level of the source, or from test/ (where this README is),
     14From the top level of the source, or from test/ (where this README is),
    1515just run:
    1616
    17  make check
     17  make check
    1818
    19 from test/ you can also run specific tests by passing their script
    20 names to make in the TESTS variable:
     19from test/. You can also run specific test cases by passing their
     20script names to make in the TESTS variable:
    2121
    22  TESTS="test-03_cachetimeout_in_vhost.bash" make -e check
     22  TESTS="test-03_cachetimeout_in_vhost.bash" make -e check
    2323
    2424This should be handy when you're just trying to experiment with a new
    2525test and don't want to wait for the full test suite to run.
    2626
    27 The default configuration assumes that an IPv6 loopback device is
    28 available (TEST_IP=[::1]) and that TEST_HOST="localhost" resolves to
    29 the IPv6 loopback address [::1]. If this does not apply to your
    30 system, you can pass different values to ./configure, e.g. to use IPv4
    31 instead:
     27The default configuration assumes that a loopback device with IPv4 and
     28IPv6 support is available (TEST_IP="[::1] 127.0.0.1") and that
     29TEST_HOST="localhost" resolves to at least one of these addresses. If
     30this does not apply to your system, you can pass different values to
     31./configure, e.g. to use IPv4 only:
    3232
    3333  TEST_HOST="localhost" TEST_IP="127.0.0.1" ./configure
     34
     35If tests fail due to expired certificates or PGP signatures, run
     36
     37  make mostlyclean
     38
     39to delete them and create fresh ones on the next test run. You could
     40also use "make clean", but in that case the keys will be deleted as
     41well and have to be recreated, too, which takes more time.
    3442
    3543
     
    4149The simplest way to add a test is (from test/):
    4250
    43  ./newtest
     51  ./newtest
    4452
    4553This will prompt you for a simple name for the test and then copy a
     
    5260==============
    5361
    54 Each test consists of a directory in test/tests/, which will cause the
    55 test suite to spin up an isolated apache instance and try to connect
    56 to it with gnutls-cli and make a simple HTTP 1.1 request.
     62Each test consists of a script in test/ and a directory in
     63test/tests/, which the test suite uses to spin up an isolated Apache
     64instance or two (for proxy tests) and try to connect to it with
     65gnutls-cli and make a simple HTTP 1.1 or 1.0 request.
    5766
    58 By default, these tests are expected to succeed, by having
     67Test directories usually contain the following files:
    5968
    60 In each directory, you can put the following files:
     69 * apache.conf -- Apache configuration to be used
    6170
    62  * apache.conf --  the apache configuration to be used
    63 
    64  * gnutls-cli.args --  the arguments to pass to gnutls-cli
     71 * gnutls-cli.args -- the arguments to pass to gnutls-cli
    6572
    6673 * input -- the full HTTP request (including the final blank line)
    6774
     75 * backend.conf [optional] -- Apache configuration for the proxy
     76   backend server, if any
     77
    6878 * output [optional] -- the lines of this file will be checked against
    6979   the same number of lines at the end of the output produced by the
    70    gnutls-cli process.
     80   gnutls-cli process. "Date" and "Server" headers are filtered from
     81   the response because they are expected to change between runs
     82   (date) or builds (server version).
    7183
    7284 * fail.server [optional] -- if this file exists, it means we expect
     
    7991   should result in a failed file retrieval.
    8092
     93The "runtests" script is used to start one Apache instance and send a
     94request based on the files described above. Note that some tests take
     95additional steps, e.g. starting another server to act as proxy
     96backend, and at least one does not use "runtests" at all.
     97
     98By default (if "unshare" is available and has the permissions required
     99to create network and user namespaces), each test case is run inside
     100its own network namespace. This avoids address and port conflicts with
     101other tests as well has the host system.
     102
     103When writing your own tests, make sure to call netns_reexec (defined
     104in common.bash) if you need to start any network services outside of
     105runtests (which will create the namespace if it doesn't exist
     106already). However, some architectures might not support namespaces, so
     107traditional locking (using flock) and serial execution are still
     108supported.
     109
    81110
    82111Robustness and Tuning
    83112=====================
    84113
    85 These tests aren't nearly as robust as i'd like them to be, but they
    86 work for the moment and they're better than no tests at all.
     114Here are some things that you might want to tune about the tests based
     115on your expected setup (along with the variables that can be passed to
     116"make check" to adjust them):
    87117
    88 Here are some things that you might want to tune based on your
    89 expected setup (along with the variables that can be passed to "make
    90 check" to adjust them):
     118 * They need a functioning loopback device.
    91119
    92  * they need a functioning loopback device.
     120 * They expect (by default) to have port 9932 [TEST_PORT] available
     121   and open for connections on the addresses listed in TEST_IP.
    93122
    94  * they expect (by default) the TEST_IP to have port 9932
    95    open. [TEST_PORT]
     123 * Depending on the compile time configuration of the Apache binary
     124   installed on your system you may need to load additional Apache
     125   modules. The recommended way to do this is to drop a configuration
     126   file into the test/apache-conf/ directory. Patches to detect such
     127   situations and automatically configure the tests accordingly are
     128   welcome.
    96129
    97  * if a machine is particularly slow or under heavy load, it's
     130 * If a machine is particularly slow or under heavy load, it's
    98131   possible that these tests will fail for timing
    99    reasons. [TEST_QUERY_DELAY (seconds for the http request to be sent
     132   reasons. [TEST_QUERY_DELAY (seconds for the HTTP request to be sent
    100133   and responded to)]
     134
     135The first two of these issues are avoided when the tests are isolated
     136using network namespaces, which is the default (see "Implementation"
     137above). The ./configure script tries to detect if namespaces can be
     138used (some Linux distributions disable them for unprivileged
     139users). If this detection returns a false positive or you do not want
     140to use namespace isolation for some other reason, you can run
     141configure with the --disable-test-namespaces option.
    101142
    102143In some situations you may want to see the exact environment as
     
    104145instance with Valgrind using the same configuration as a test
    105146case. Use "make show-test-env" to dump AM_TESTS_ENVIRONMENT to stdout.
     147
     148If you are building on an exotic architecture which does not support
     149flock (or timeouts using flock -w), ./configure should detect that and
     150disable locking, or you can disable it manually by passing
     151"--disable-flock" to ./configure. This will force serial execution of
     152tests, including environment setup.
  • test/base_apache.conf

    r02c8e54 r8a264b0  
    55ErrorLog logs/${TEST_NAME}.error.log
    66HostnameLookups Off
    7 PidFile apache2.pid
    87KeepAlive Off
    98LogLevel debug
     
    1413TypesConfig ${srcdir}/mime.types
    1514
    16 Listen ${TEST_IP}:${TEST_PORT}
     15Include         apache-conf/*.conf
    1716
    1817DocumentRoot ${srcdir}/data
  • test/proxy_backend.bash

    r02c8e54 r8a264b0  
    22
    33set -e
     4. ${srcdir}/common.bash
    45
    56if [ -z "${BACKEND_HOST}" ]; then
     
    1213    export BACKEND_PORT="9934"
    1314fi
    14 : ${BACKEND_LOCK:="backend.lock"}
     15: ${BACKEND_PID:="backend.pid"}
    1516: ${srcdir:="."}
    1617: ${APACHE2:="apache2"}
     
    2425    lockfile="${4}"
    2526
    26     if [ -n "${lockfile}" ]; then
    27         flock_cmd="flock -w ${TEST_LOCK_WAIT} ${lockfile}"
    28     fi
    29 
    3027    TEST_NAME="$(basename "${dir}")"
    3128    (
     
    3633        case $action in
    3734            start)
     35                if [ -n "${USE_TEST_NAMESPACE}" ]; then
     36                    echo "Using namespaces to isolate tests, no need for" \
     37                         "locking."
     38                    flock_cmd=""
     39                elif [ -n "${lockfile}" ]; then
     40                    flock_cmd="${FLOCK} -w ${TEST_LOCK_WAIT} ${lockfile}"
     41                else
     42                    echo "Locking disabled, using wait based on proxy PID file."
     43                    wait_pid_gone "${BACKEND_PID}"
     44                    flock_cmd=""
     45                fi
    3846                ${flock_cmd} \
    3947                    ${APACHE2} -f "$(realpath ${testdir}/${conf})" -k start || return 1
  • test/runtests

    r02c8e54 r8a264b0  
    66
    77set -e
     8. ${srcdir}/common.bash
     9netns_reexec ${@}
    810
    911testid="${1##t-}"
     
    1719
    1820BADVARS=0
    19 for v in APACHE2 TEST_HOST TEST_IP TEST_PORT TEST_QUERY_DELAY TEST_MSVA_WAIT \
    20                  MSVA_PORT TEST_LOCK; do
     21for v in APACHE2 TEST_HOST TEST_PORT TEST_QUERY_DELAY TEST_MSVA_WAIT \
     22                 MSVA_PORT; do
    2123    if [ ! -v "$v" ]; then
    2224        printf "You need to set the %s environment variable\n" "$v" >&2
     
    150152fi
    151153
     154TEST_PID="apache2.pid"
    152155# configure locking for the Apache process
    153 flock_cmd="flock -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
     156if [ -n "${USE_TEST_NAMESPACE}" ]; then
     157    echo "Using namespaces to isolate tests, no need for locking."
     158    flock_cmd=""
     159elif [ -n "${TEST_LOCK}" ]; then
     160    flock_cmd="${FLOCK} -w ${TEST_LOCK_WAIT} $(realpath ${TEST_LOCK})"
     161else
     162    echo "Locking disabled, using wait based on Apache PID file."
     163    wait_pid_gone "${TEST_PID}"
     164    flock_cmd=""
     165fi
    154166
    155167t="$(realpath ${testid})"
     
    206218
    207219if [ -e ${t}/output ] ; then
    208     diff_output_filter_headers "${t}/output" "$output" "-q"
     220    diff_output_filter_headers "${t}/output" "$output" >&2
    209221fi
    210222if [ -n "${USE_MSVA}" ]; then
  • test/test-19_TLS_reverse_proxy.bash

    r02c8e54 r8a264b0  
    33set -e
    44: ${srcdir:="."}
     5. ${srcdir}/common.bash
     6netns_reexec ${@}
    57
    68testdir="${srcdir}/tests/19_TLS_reverse_proxy"
     
    911function stop_backend
    1012{
    11     backend_apache "${dir}" "backend.conf" stop
     13    backend_apache "${testdir}" "backend.conf" stop
    1214}
    1315backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
  • test/test-20_TLS_reverse_proxy_client_auth.bash

    r02c8e54 r8a264b0  
    33set -e
    44: ${srcdir:="."}
     5. ${srcdir}/common.bash
     6netns_reexec ${@}
    57
    68testdir="${srcdir}/tests/20_TLS_reverse_proxy_client_auth"
     
    911function stop_backend
    1012{
    11     backend_apache "${dir}" "backend.conf" stop
     13    backend_apache "${testdir}" "backend.conf" stop
    1214}
    1315backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
  • test/test-21_TLS_reverse_proxy_wrong_cert.bash

    r02c8e54 r8a264b0  
    33set -e
    44: ${srcdir:="."}
     5. ${srcdir}/common.bash
     6netns_reexec ${@}
    57
    68testdir="${srcdir}/tests/21_TLS_reverse_proxy_wrong_cert"
     
    911function stop_backend
    1012{
    11     backend_apache "${dir}" "backend.conf" stop
     13    backend_apache "${testdir}" "backend.conf" stop
    1214}
    1315backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
  • test/test-22_TLS_reverse_proxy_crl_revoke.bash

    r02c8e54 r8a264b0  
    33set -e
    44: ${srcdir:="."}
     5. ${srcdir}/common.bash
     6netns_reexec ${@}
    57
    68testdir="${srcdir}/tests/22_TLS_reverse_proxy_crl_revoke"
     
    911function stop_backend
    1012{
    11     backend_apache "${dir}" "backend.conf" stop
     13    backend_apache "${testdir}" "backend.conf" stop
    1214}
    1315backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
  • test/test-23_TLS_reverse_proxy_mismatched_priorities.bash

    r02c8e54 r8a264b0  
    33set -e
    44: ${srcdir:="."}
     5. ${srcdir}/common.bash
     6netns_reexec ${@}
    57
    68testdir="${srcdir}/tests/23_TLS_reverse_proxy_mismatched_priorities"
     
    1416function stop_backend
    1517{
    16     backend_apache "${dir}" "backend.conf" stop
     18    backend_apache "${testdir}" "backend.conf" stop
    1719}
    1820backend_apache "${testdir}" "backend.conf" start "${BACKEND_LOCK}"
  • test/test-24_pkcs11_cert.bash

    r02c8e54 r8a264b0  
    1414trap cleanup_tmpconf EXIT
    1515
    16 sed "s,__DIR__,$(realpath $(pwd))," \
    17     "${testdir}/softhsm.conf.in" \
    18     >"${tmp_softhsm_conf}"
     16cat - >"${tmp_softhsm_conf}" <<EOF
     170:$(realpath $(pwd))/server/softhsm.db
     18EOF
    1919export SOFTHSM_CONF="${tmp_softhsm_conf}"
    2020echo "Generated temporary SoftHSM config ${tmp_softhsm_conf}:"
  • test/test_ca.mk

    r02c8e54 r8a264b0  
    3535# conditions with parallel make. Locking avoids this problem.
    3636%/cert.pgp: %/minimal.pgp authority/gpg.conf
    37         GNUPGHOME=authority flock authority/lock gpg --import $<
    38         GNUPGHOME=authority flock authority/lock gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
     37        GNUPGHOME=authority $(GPG_FLOCK) gpg --import $<
     38        GNUPGHOME=authority $(GPG_FLOCK) gpg --batch --sign-key --no-tty --yes "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)"
    3939        GNUPGHOME=authority gpg --armor --export "$$(GNUPGHOME=$(dir $@) gpg --with-colons --list-secret-keys --fingerprint | grep ^fpr: | cut -f 10 -d :)" > $@
    4040
     
    4848        certtool --generate-request --load-privkey $(dir $@)secret.key --template $< > $@
    4949
     50# normal case: certificates signed by test CA
    5051%/x509.pem: %.template %/cert-request authority/secret.key authority/x509.pem
    5152        certtool --generate-certificate --load-ca-certificate authority/x509.pem --load-ca-privkey authority/secret.key --load-request $(dir $@)cert-request --template $< > $@
     53
     54# error case: certificates signed by rogue CA
     55rogue%/x509.pem: rogue%.template rogue%/cert-request rogueca/x509.pem
     56        certtool --generate-certificate --load-ca-certificate rogueca/x509.pem --load-ca-privkey rogueca/secret.key --load-request $(dir $@)cert-request --template $< > $@
    5257
    5358%/softhsm.db: %/x509.pem %/secret.key
  • test/tests/00_basic/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/01_serverwide_priorities/apache.conf

    r02c8e54 r8a264b0  
    55GnuTLSPriorities NORMAL
    66
    7 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     7<VirtualHost _default_:${TEST_PORT}>
    88 ServerName ${TEST_HOST}
    99 GnuTLSEnable On
  • test/tests/02_cache_in_vhost/apache.conf

    r02c8e54 r8a264b0  
    11Include ${srcdir}/base_apache.conf
    22
    3 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     3<VirtualHost _default_:${TEST_PORT}>
    44 # Cache configuration not allowed in here:
    55 GnuTLSCache dbm cache/gnutls_cache
  • test/tests/03_cachetimeout_in_vhost/apache.conf

    r02c8e54 r8a264b0  
    11Include ${srcdir}/base_apache.conf
    22
    3 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     3<VirtualHost _default_:${TEST_PORT}>
    44 # Cache configuration not allowed in here:
    55 GnuTLSCacheTimeout 200
  • test/tests/04_basic_nosni/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/05_mismatched-priorities/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/06_verify_sni_a/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 NameVirtualHost ${TEST_IP}:${TEST_PORT}
     5NameVirtualHost _default_:${TEST_PORT}
    66
    7 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     7<VirtualHost _default_:${TEST_PORT}>
    88 ServerName ${TEST_HOST}
    99 GnuTLSEnable On
     
    1313</VirtualHost>
    1414
    15 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     15<VirtualHost _default_:${TEST_PORT}>
    1616 ServerName imposter.example
    1717 GnuTLSEnable On
  • test/tests/07_verify_sni_b/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 NameVirtualHost ${TEST_IP}:${TEST_PORT}
     5NameVirtualHost _default_:${TEST_PORT}
    66
    77# trying in a different order from 06_verify_sni_a
    88
    9 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     9<VirtualHost _default_:${TEST_PORT}>
    1010 ServerName imposter.example
    1111 GnuTLSEnable On
     
    1515</VirtualHost>
    1616
    17 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     17<VirtualHost _default_:${TEST_PORT}>
    1818 ServerName ${TEST_HOST}
    1919 GnuTLSEnable On
  • test/tests/08_verify_no_sni_fallback_to_first_vhost/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 NameVirtualHost ${TEST_IP}:${TEST_PORT}
     5NameVirtualHost _default_:${TEST_PORT}
    66
    7 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     7<VirtualHost _default_:${TEST_PORT}>
    88 ServerName ${TEST_HOST}
    99 GnuTLSEnable On
     
    1313</VirtualHost>
    1414
    15 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     15<VirtualHost _default_:${TEST_PORT}>
    1616 ServerName imposter.example
    1717 GnuTLSEnable On
  • test/tests/09_verify_no_sni_fails_with_wrong_order/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 NameVirtualHost ${TEST_IP}:${TEST_PORT}
     5NameVirtualHost _default_:${TEST_PORT}
    66
    77# In this order, clients with no SNI should get the imposter's key
    88
    9 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     9<VirtualHost _default_:${TEST_PORT}>
    1010 ServerName imposter.example
    1111 GnuTLSEnable On
     
    1515</VirtualHost>
    1616
    17 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     17<VirtualHost _default_:${TEST_PORT}>
    1818 ServerName ${TEST_HOST}
    1919 GnuTLSEnable On
  • test/tests/10_basic_client_verification/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/11_basic_client_verification_fail/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/12_cgi_variables/apache.conf

    r02c8e54 r8a264b0  
    88</Directory>
    99
    10 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     10<VirtualHost _default_:${TEST_PORT}>
    1111 ServerName ${TEST_HOST}
    1212 GnuTLSEnable On
  • test/tests/13_cgi_variables_no_client_cert/apache.conf

    r02c8e54 r8a264b0  
    88</Directory>
    99
    10 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     10<VirtualHost _default_:${TEST_PORT}>
    1111 ServerName ${TEST_HOST}
    1212 GnuTLSEnable On
  • test/tests/14_basic_openpgp/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/15_basic_msva/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/16_view-status/apache.conf

    r02c8e54 r8a264b0  
    99GnuTLSCache dbm cache/gnutls_cache
    1010
    11 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     11<VirtualHost _default_:${TEST_PORT}>
    1212 ServerName ${TEST_HOST}
    1313 GnuTLSEnable On
  • test/tests/16_view-status/gnutls-cli.args

    r02c8e54 r8a264b0  
    11--x509cafile=authority/x509.pem
    2 --priority=NONE:+VERS-TLS1.0:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL
     2--priority=NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA256:+RSA:+COMP-NULL:+SIGN-RSA-SHA256
  • test/tests/16_view-status/output

    r02c8e54 r8a264b0  
    1 <dt>using TLS:</dt><dd>yes</dd>
    2 <dt>This TLS Session:</dt><dd>(TLS1.0)-(RSA)-(AES-128-CBC)-(SHA1)</dd>
     1<dt>Using TLS:</dt><dd>yes</dd>
     2<dt>Current TLS session:</dt><dd>(TLS1.2)-(RSA)-(AES-128-CBC)-(SHA256)</dd>
    33</dl>
    44</body></html>
  • test/tests/17_cgi_vars_large_cert/apache.conf

    r02c8e54 r8a264b0  
    88</Directory>
    99
    10 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     10<VirtualHost _default_:${TEST_PORT}>
    1111 ServerName ${TEST_HOST}
    1212 GnuTLSEnable On
  • test/tests/18_client_verification_wrong_cert/apache.conf

    r02c8e54 r8a264b0  
    33GnuTLSCache dbm cache/gnutls_cache
    44
    5 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     5<VirtualHost _default_:${TEST_PORT}>
    66 ServerName ${TEST_HOST}
    77 GnuTLSEnable On
  • test/tests/18_client_verification_wrong_cert/gnutls-cli.args

    r02c8e54 r8a264b0  
    1 --x509certfile=rogueca/x509.pem
    2 --x509keyfile=rogueca/secret.key
     1--x509certfile=rogueclient/x509.pem
     2--x509keyfile=rogueclient/secret.key
    33--x509cafile=authority/x509.pem
    44--priority=NORMAL
  • test/tests/19_TLS_reverse_proxy/apache.conf

    r02c8e54 r8a264b0  
    44GnuTLSCache dbm cache/gnutls_cache
    55
    6 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     6<VirtualHost _default_:${TEST_PORT}>
    77 ServerName ${TEST_HOST}
    88 GnuTLSEnable On
  • test/tests/19_TLS_reverse_proxy/backend.conf

    r02c8e54 r8a264b0  
    1 Include ${srcdir}/base_apache.conf
    2 
    3 CustomLog logs/${TEST_NAME}.backend.access.log combined
    4 ErrorLog logs/${TEST_NAME}.backend.error.log
    5 PidFile backend.pid
     1Include ${srcdir}/base_apache.conf
     2Include proxy_backend.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <VirtualHost ${BACKEND_IP}:${BACKEND_PORT}>
     6<VirtualHost _default_:${BACKEND_PORT}>
    107 ServerName ${BACKEND_HOST}
    118 GnuTLSEnable On
  • test/tests/20_TLS_reverse_proxy_client_auth/apache.conf

    r02c8e54 r8a264b0  
    44GnuTLSCache dbm cache/gnutls_cache
    55
    6 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     6<VirtualHost _default_:${TEST_PORT}>
    77 ServerName ${TEST_HOST}
    88 GnuTLSEnable On
  • test/tests/20_TLS_reverse_proxy_client_auth/backend.conf

    r02c8e54 r8a264b0  
    1 Include ${srcdir}/base_apache.conf
    2 
    3 CustomLog logs/${TEST_NAME}.backend.access.log combined
    4 ErrorLog logs/${TEST_NAME}.backend.error.log
    5 PidFile backend.pid
     1Include ${srcdir}/base_apache.conf
     2Include proxy_backend.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <VirtualHost ${BACKEND_IP}:${BACKEND_PORT}>
     6<VirtualHost _default_:${BACKEND_PORT}>
    107 ServerName ${BACKEND_HOST}
    118 GnuTLSEnable On
  • test/tests/21_TLS_reverse_proxy_wrong_cert/apache.conf

    r02c8e54 r8a264b0  
    44GnuTLSCache dbm cache/gnutls_cache
    55
    6 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     6<VirtualHost _default_:${TEST_PORT}>
    77 ServerName ${TEST_HOST}
    88 GnuTLSEnable On
  • test/tests/21_TLS_reverse_proxy_wrong_cert/backend.conf

    r02c8e54 r8a264b0  
    11Include ${srcdir}/base_apache.conf
    2 
    3 CustomLog logs/${TEST_NAME}.backend.access.log combined
    4 ErrorLog logs/${TEST_NAME}.backend.error.log
    5 PidFile backend.pid
     2Include proxy_backend.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <VirtualHost ${BACKEND_IP}:${BACKEND_PORT}>
     6<VirtualHost _default_:${BACKEND_PORT}>
    107 ServerName ${BACKEND_HOST}
    118 GnuTLSEnable On
  • test/tests/22_TLS_reverse_proxy_crl_revoke/apache.conf

    r02c8e54 r8a264b0  
    44GnuTLSCache dbm cache/gnutls_cache
    55
    6 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     6<VirtualHost _default_:${TEST_PORT}>
    77 ServerName ${TEST_HOST}
    88 GnuTLSEnable On
  • test/tests/22_TLS_reverse_proxy_crl_revoke/backend.conf

    r02c8e54 r8a264b0  
    1 Include ${srcdir}/base_apache.conf
    2 
    3 CustomLog logs/${TEST_NAME}.backend.access.log combined
    4 ErrorLog logs/${TEST_NAME}.backend.error.log
    5 PidFile backend.pid
     1Include ${srcdir}/base_apache.conf
     2Include proxy_backend.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <VirtualHost ${BACKEND_IP}:${BACKEND_PORT}>
     6<VirtualHost _default_:${BACKEND_PORT}>
    107 ServerName ${BACKEND_HOST}
    118 GnuTLSEnable On
  • test/tests/23_TLS_reverse_proxy_mismatched_priorities/apache.conf

    r02c8e54 r8a264b0  
    44GnuTLSCache dbm cache/gnutls_cache
    55
    6 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     6<VirtualHost _default_:${TEST_PORT}>
    77 ServerName ${TEST_HOST}
    88 GnuTLSEnable On
  • test/tests/23_TLS_reverse_proxy_mismatched_priorities/backend.conf

    r02c8e54 r8a264b0  
    1 Include ${srcdir}/base_apache.conf
    2 
    3 CustomLog logs/${TEST_NAME}.backend.access.log combined
    4 ErrorLog logs/${TEST_NAME}.backend.error.log
    5 PidFile backend.pid
     1Include ${srcdir}/base_apache.conf
     2Include proxy_backend.conf
    63
    74GnuTLSCache dbm cache/gnutls_cache
    85
    9 <VirtualHost ${BACKEND_IP}:${BACKEND_PORT}>
     6<VirtualHost _default_:${BACKEND_PORT}>
    107 ServerName ${BACKEND_HOST}
    118 GnuTLSEnable On
  • test/tests/24_pkcs11_cert/apache.conf

    r02c8e54 r8a264b0  
    55GnuTLSP11Module /usr/lib/softhsm/libsofthsm.so
    66
    7 <VirtualHost ${TEST_IP}:${TEST_PORT}>
     7<VirtualHost _default_:${TEST_PORT}>
    88 ServerName ${TEST_HOST}
    99 GnuTLSEnable On
  • test/tests/Makefile.am

    r02c8e54 r8a264b0  
    2424        22_TLS_reverse_proxy_crl_revoke/apache.conf 22_TLS_reverse_proxy_crl_revoke/backend.conf 22_TLS_reverse_proxy_crl_revoke/gnutls-cli.args 22_TLS_reverse_proxy_crl_revoke/input 22_TLS_reverse_proxy_crl_revoke/output \
    2525        23_TLS_reverse_proxy_mismatched_priorities/apache.conf 23_TLS_reverse_proxy_mismatched_priorities/backend.conf 23_TLS_reverse_proxy_mismatched_priorities/gnutls-cli.args 23_TLS_reverse_proxy_mismatched_priorities/input 23_TLS_reverse_proxy_mismatched_priorities/output \
    26         24_pkcs11_cert/apache.conf 24_pkcs11_cert/gnutls-cli.args 24_pkcs11_cert/input 24_pkcs11_cert/output 24_pkcs11_cert/softhsm.conf.in
     26        24_pkcs11_cert/apache.conf 24_pkcs11_cert/gnutls-cli.args 24_pkcs11_cert/input 24_pkcs11_cert/output \
     27        25_Disable_TLS_1.0/apache.conf 25_Disable_TLS_1.0/fail.client 25_Disable_TLS_1.0/gnutls-cli.args 25_Disable_TLS_1.0/input \
     28        26_redirect_HTTP_to_HTTPS/apache.conf
Note: See TracChangeset for help on using the changeset viewer.