authorYuchen Wu <[email protected]>2024-10-11 17:06:46 -0700
committerYuchen Wu <[email protected]>2024-10-12 09:34:06 -0700
commitb939776792cfc1aff3b83d5cdee2ae5562805f7b (patch)
treeab7812cbbf4b1cd23854e15e297711068dbcf546 /pingora-proxy
parent9921fe422274ced5ef14eb582d63529859fed441 (diff)
Refactor openssl code one more time before rustls integration
Co-authored-by: Harald Gutmann <[email protected]>
Diffstat (limited to 'pingora-proxy')
-rw-r--r--pingora-proxy/Cargo.toml11
-rw-r--r--pingora-proxy/examples/load_balancer.rs2
-rw-r--r--pingora-proxy/tests/test_basic.rs39
-rw-r--r--pingora-proxy/tests/utils/cert.rs63
-rw-r--r--pingora-proxy/tests/utils/conf/keys/README.md9
-rw-r--r--pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.crt13
-rw-r--r--pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.csr (renamed from pingora-proxy/tests/utils/conf/keys/server.csr)0
-rw-r--r--pingora-proxy/tests/utils/conf/keys/server_rustls.crt14
-rw-r--r--pingora-proxy/tests/utils/conf/origin/conf/nginx.conf7
-rw-r--r--pingora-proxy/tests/utils/mock_origin.rs25
-rw-r--r--pingora-proxy/tests/utils/mod.rs2
-rw-r--r--pingora-proxy/tests/utils/server_utils.rs37
12 files changed, 182 insertions, 40 deletions
diff --git a/pingora-proxy/Cargo.toml b/pingora-proxy/Cargo.toml
index 13d4804..b65e0d8 100644
--- a/pingora-proxy/Cargo.toml
+++ b/pingora-proxy/Cargo.toml
@@ -44,7 +44,7 @@ env_logger = "0.9"
hyper = "0.14"
tokio-tungstenite = "0.20.1"
pingora-limits = { version = "0.3.0", path = "../pingora-limits" }
-pingora-load-balancing = { version = "0.3.0", path = "../pingora-load-balancing" }
+pingora-load-balancing = { version = "0.3.0", path = "../pingora-load-balancing", default-features=false }
prometheus = "0"
futures-util = "0.3"
serde = { version = "1.0", features = ["derive"] }
@@ -55,9 +55,12 @@ serde_yaml = "0.8"
hyperlocal = "0.8"
[features]
-default = ["openssl"]
-openssl = ["pingora-core/openssl", "pingora-cache/openssl"]
-boringssl = ["pingora-core/boringssl", "pingora-cache/boringssl"]
+default = []
+openssl = ["pingora-core/openssl", "pingora-cache/openssl", "openssl_derived"]
+boringssl = ["pingora-core/boringssl", "pingora-cache/boringssl", "openssl_derived"]
+rustls = ["pingora-core/rustls", "pingora-cache/rustls", "any_tls"]
+openssl_derived = ["any_tls"]
+any_tls = []
sentry = ["pingora-core/sentry"]
# or locally cargo doc --config "build.rustdocflags='--cfg doc_async_trait'"
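Review bot: With `default = []` a plain `cargo test -p pingora-proxy` builds without any TLS backend, and every test gated on `any_tls`/`openssl_derived` in test_basic.rs is compiled out silently, so a green default run no longer exercises the TLS paths. A comment above the `[features]` table would make that contract visible, e.g. `# TLS is opt-in: build/test with --features openssl, boringssl or rustls; the default has no TLS backend.` Cargo features are additive, so nothing here prevents enabling `openssl` and `rustls` together; the duplicate `mod key_types`/`load_cert` definitions that would result are in tests/utils/cert.rs, which is where a `compile_error!` guard belongs.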
diff --git a/pingora-proxy/examples/load_balancer.rs b/pingora-proxy/examples/load_balancer.rs
index 614981d..a428b9b 100644
--- a/pingora-proxy/examples/load_balancer.rs
+++ b/pingora-proxy/examples/load_balancer.rs
@@ -86,7 +86,7 @@ fn main() {
let key_path = format!("{}/tests/keys/key.pem", env!("CARGO_MANIFEST_DIR"));
let mut tls_settings =
- pingora_core::listeners::TlsSettings::intermediate(&cert_path, &key_path).unwrap();
+ pingora_core::listeners::tls::TlsSettings::intermediate(&cert_path, &key_path).unwrap();
tls_settings.enable_h2();
lb.add_tls_with_settings("0.0.0.0:6189", None, tls_settings);
diff --git a/pingora-proxy/tests/test_basic.rs b/pingora-proxy/tests/test_basic.rs
index 569e51a..f33a247 100644
--- a/pingora-proxy/tests/test_basic.rs
+++ b/pingora-proxy/tests/test_basic.rs
@@ -67,6 +67,7 @@ async fn test_simple_proxy() {
}
#[tokio::test]
+#[cfg(feature = "any_tls")]
async fn test_h2_to_h1() {
init();
let client = reqwest::Client::builder()
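Review bot: The new `#[cfg(feature = "any_tls")]` is placed after `#[tokio::test]` here, and likewise on test_h2_to_h2, test_h2_to_h2_host_override, test_h2_to_h2_upload, test_h2_to_h1_upload, test_mtls_no_client_cert and test_mtls, while the hunks from test_tls_no_verify onward put the `#[cfg]` before `#[tokio::test]`. Both orders compile to the same thing, since cfg stripping happens before the attribute macro runs, but mixing them within one file reads as accidental and makes it harder to scan which tests are backend-gated. Pick one ordering for the whole file; `#[cfg(...)]` first matches the majority of the new lines, e.g. `#[cfg(feature = "any_tls")]` then `#[tokio::test]`.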
@@ -74,7 +75,12 @@ async fn test_h2_to_h1() {
.build()
.unwrap();
- let res = client.get("https://127.0.0.1:6150").send().await.unwrap();
+ let res = client
+ .get("https://127.0.0.1:6150")
+ .header("sni", "openrusty.org")
+ .send()
+ .await
+ .unwrap();
assert_eq!(res.status(), reqwest::StatusCode::OK);
assert_eq!(res.version(), reqwest::Version::HTTP_2);
@@ -104,6 +110,7 @@ async fn test_h2_to_h1() {
}
#[tokio::test]
+#[cfg(feature = "any_tls")]
async fn test_h2_to_h2() {
init();
let client = reqwest::Client::builder()
@@ -113,6 +120,7 @@ async fn test_h2_to_h2() {
let res = client
.get("https://127.0.0.1:6150")
+ .header("sni", "openrusty.org")
.header("x-h2", "true")
.send()
.await
@@ -189,6 +197,7 @@ async fn test_h1_on_h2c_port() {
}
#[tokio::test]
+#[cfg(feature = "openssl_derived")]
async fn test_h2_to_h2_host_override() {
init();
let client = reqwest::Client::builder()
@@ -212,6 +221,7 @@ async fn test_h2_to_h2_host_override() {
}
#[tokio::test]
+#[cfg(feature = "any_tls")]
async fn test_h2_to_h2_upload() {
init();
let client = reqwest::Client::builder()
@@ -223,6 +233,7 @@ async fn test_h2_to_h2_upload() {
let res = client
.get("https://127.0.0.1:6150/echo")
+ .header("sni", "openrusty.org")
.header("x-h2", "true")
.body(payload)
.send()
@@ -235,6 +246,7 @@ async fn test_h2_to_h2_upload() {
}
#[tokio::test]
+#[cfg(feature = "any_tls")]
async fn test_h2_to_h1_upload() {
init();
let client = reqwest::Client::builder()
@@ -246,6 +258,7 @@ async fn test_h2_to_h1_upload() {
let res = client
.get("https://127.0.0.1:6150/echo")
+ .header("sni", "openrusty.org")
.body(payload)
.send()
.await
@@ -313,7 +326,10 @@ async fn test_simple_proxy_uds_peer() {
assert!(is_specified_port(sockaddr.port()));
assert_eq!(headers["x-upstream-client-addr"], "unset"); // unnamed UDS
- assert_eq!(headers["x-upstream-server-addr"], "/tmp/nginx-test.sock");
+ assert_eq!(
+ headers["x-upstream-server-addr"],
+ "/tmp/pingora_nginx_test.sock"
+ );
let body = res.text().await.unwrap();
assert_eq!(body, "Hello World!\n");
@@ -444,6 +460,8 @@ async fn test_dropped_conn() {
test_dropped_conn_post_body_over().await;
}
+// currently not supported with Rustls implementation
+#[cfg(feature = "openssl_derived")]
#[tokio::test]
async fn test_tls_no_verify() {
init();
@@ -457,6 +475,7 @@ async fn test_tls_no_verify() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_verify_sni_not_host() {
init();
@@ -473,6 +492,8 @@ async fn test_tls_verify_sni_not_host() {
assert_eq!(res.status(), StatusCode::OK);
}
+// currently not supported with Rustls implementation
+#[cfg(feature = "openssl_derived")]
#[tokio::test]
async fn test_tls_none_verify_host() {
init();
@@ -489,6 +510,7 @@ async fn test_tls_none_verify_host() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_verify_sni_host() {
init();
@@ -506,6 +528,7 @@ async fn test_tls_verify_sni_host() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_underscore_sub_sni_verify_host() {
init();
@@ -523,6 +546,7 @@ async fn test_tls_underscore_sub_sni_verify_host() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_underscore_non_sub_sni_verify_host() {
init();
@@ -542,6 +566,7 @@ async fn test_tls_underscore_non_sub_sni_verify_host() {
assert_eq!(headers[header::CONNECTION], "close");
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_alt_verify_host() {
init();
@@ -560,6 +585,7 @@ async fn test_tls_alt_verify_host() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_underscore_sub_alt_verify_host() {
init();
@@ -578,6 +604,7 @@ async fn test_tls_underscore_sub_alt_verify_host() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_underscore_non_sub_alt_verify_host() {
init();
@@ -691,6 +718,7 @@ async fn test_connect_close() {
}
#[tokio::test]
+#[cfg(feature = "any_tls")]
async fn test_mtls_no_client_cert() {
init();
let client = reqwest::Client::new();
@@ -709,6 +737,7 @@ async fn test_mtls_no_client_cert() {
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_mtls_no_intermediate_cert() {
init();
@@ -730,6 +759,7 @@ async fn test_mtls_no_intermediate_cert() {
}
#[tokio::test]
+#[cfg(feature = "any_tls")]
async fn test_mtls() {
init();
let client = reqwest::Client::new();
@@ -748,6 +778,7 @@ async fn test_mtls() {
assert_eq!(res.status(), StatusCode::OK);
}
+#[cfg(feature = "any_tls")]
async fn assert_reuse(req: reqwest::RequestBuilder) {
req.try_clone().unwrap().send().await.unwrap();
let res = req.send().await.unwrap();
@@ -755,6 +786,7 @@ async fn assert_reuse(req: reqwest::RequestBuilder) {
assert!(headers.get("x-conn-reuse").is_some());
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_mtls_diff_cert_no_reuse() {
init();
@@ -789,6 +821,7 @@ async fn test_mtls_diff_cert_no_reuse() {
assert!(headers.get("x-conn-reuse").is_none());
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_diff_verify_no_reuse() {
init();
@@ -815,6 +848,7 @@ async fn test_tls_diff_verify_no_reuse() {
assert!(headers.get("x-conn-reuse").is_none());
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_diff_verify_host_no_reuse() {
init();
@@ -843,6 +877,7 @@ async fn test_tls_diff_verify_host_no_reuse() {
assert!(headers.get("x-conn-reuse").is_none());
}
+#[cfg(feature = "any_tls")]
#[tokio::test]
async fn test_tls_diff_alt_cnt_no_reuse() {
init();
diff --git a/pingora-proxy/tests/utils/cert.rs b/pingora-proxy/tests/utils/cert.rs
index 674a3ac..fb6f54c 100644
--- a/pingora-proxy/tests/utils/cert.rs
+++ b/pingora-proxy/tests/utils/cert.rs
@@ -13,35 +13,64 @@
// limitations under the License.
use once_cell::sync::Lazy;
-use pingora_core::tls::pkey::{PKey, Private};
-use pingora_core::tls::x509::X509;
+#[cfg(feature = "rustls")]
+use pingora_core::tls::{load_pem_file_ca, load_pem_file_private_key};
+#[cfg(feature = "openssl_derived")]
+use pingora_core::tls::{
+ pkey::{PKey, Private},
+ x509::X509,
+};
use std::fs;
-pub static ROOT_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/root.crt"));
-pub static ROOT_KEY: Lazy<PKey<Private>> = Lazy::new(|| load_key("keys/root.key"));
-pub static INTERMEDIATE_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/intermediate.crt"));
-pub static INTERMEDIATE_KEY: Lazy<PKey<Private>> = Lazy::new(|| load_key("keys/intermediate.key"));
-pub static LEAF_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/leaf.crt"));
-pub static LEAF2_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/leaf2.crt"));
-pub static LEAF_KEY: Lazy<PKey<Private>> = Lazy::new(|| load_key("keys/leaf.key"));
-pub static LEAF2_KEY: Lazy<PKey<Private>> = Lazy::new(|| load_key("keys/leaf2.key"));
-pub static SERVER_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/server.crt"));
-pub static SERVER_KEY: Lazy<PKey<Private>> = Lazy::new(|| load_key("keys/key.pem"));
-pub static CURVE_521_TEST_KEY: Lazy<PKey<Private>> =
+#[cfg(feature = "openssl_derived")]
+mod key_types {
+ use super::*;
+ pub type PrivateKeyType = PKey<Private>;
+ pub type CertType = X509;
+}
+
+#[cfg(feature = "rustls")]
+mod key_types {
+ use super::*;
+ pub type PrivateKeyType = Vec<u8>;
+ pub type CertType = Vec<u8>;
+}
+
+use key_types::*;
+
+pub static INTERMEDIATE_CERT: Lazy<CertType> = Lazy::new(|| load_cert("keys/intermediate.crt"));
+pub static LEAF_CERT: Lazy<CertType> = Lazy::new(|| load_cert("keys/leaf.crt"));
+pub static LEAF2_CERT: Lazy<CertType> = Lazy::new(|| load_cert("keys/leaf2.crt"));
+pub static LEAF_KEY: Lazy<PrivateKeyType> = Lazy::new(|| load_key("keys/leaf.key"));
+pub static LEAF2_KEY: Lazy<PrivateKeyType> = Lazy::new(|| load_key("keys/leaf2.key"));
+pub static CURVE_521_TEST_KEY: Lazy<PrivateKeyType> =
Lazy::new(|| load_key("keys/curve_test.521.key.pem"));
-pub static CURVE_521_TEST_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/curve_test.521.crt"));
-pub static CURVE_384_TEST_KEY: Lazy<PKey<Private>> =
+pub static CURVE_521_TEST_CERT: Lazy<CertType> = Lazy::new(|| load_cert("keys/curve_test.521.crt"));
+pub static CURVE_384_TEST_KEY: Lazy<PrivateKeyType> =
Lazy::new(|| load_key("keys/curve_test.384.key.pem"));
-pub static CURVE_384_TEST_CERT: Lazy<X509> = Lazy::new(|| load_cert("keys/curve_test.384.crt"));
+pub static CURVE_384_TEST_CERT: Lazy<CertType> = Lazy::new(|| load_cert("keys/curve_test.384.crt"));
+#[cfg(feature = "openssl_derived")]
fn load_cert(path: &str) -> X509 {
let path = format!("{}/{path}", super::conf_dir());
let cert_bytes = fs::read(path).unwrap();
X509::from_pem(&cert_bytes).unwrap()
}
-
+#[cfg(feature = "openssl_derived")]
fn load_key(path: &str) -> PKey<Private> {
let path = format!("{}/{path}", super::conf_dir());
let key_bytes = fs::read(path).unwrap();
PKey::private_key_from_pem(&key_bytes).unwrap()
}
+
+#[cfg(feature = "rustls")]
+fn load_cert(path: &str) -> Vec<u8> {
+ let path = format!("{}/{path}", super::conf_dir());
+ load_pem_file_ca(&path)
+}
+
+#[cfg(feature = "rustls")]
+fn load_key(path: &str) -> Vec<u8> {
+ let path = format!("{}/{path}", super::conf_dir());
+ load_pem_file_private_key(&path)
+}
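Review bot: Nothing guards against `openssl_derived` and `rustls` being enabled at the same time, which Cargo's additive features allow; in that configuration `mod key_types`, `load_cert` and `load_key` are each defined twice and the build fails with a duplicate-definition error that does not point at the feature selection. Add an explicit guard near the imports: `#[cfg(all(feature = "openssl_derived", feature = "rustls"))]` followed by `compile_error!("features openssl/boringssl and rustls are mutually exclusive");`. The `use std::fs;` on the kept line is only used by the `openssl_derived` loaders, so under `rustls` alone it is an unused import; moving it under `#[cfg(feature = "openssl_derived")]` keeps the two backends symmetric.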
diff --git a/pingora-proxy/tests/utils/conf/keys/README.md b/pingora-proxy/tests/utils/conf/keys/README.md
index 13965cd..44944ab 100644
--- a/pingora-proxy/tests/utils/conf/keys/README.md
+++ b/pingora-proxy/tests/utils/conf/keys/README.md
@@ -16,3 +16,12 @@ openssl ecparam -genkey -name secp256r1 -noout -out test_key.pem
openssl req -new -key test_key.pem -out test.csr
openssl x509 -req -in test.csr -CA server.crt -CAkey key.pem -CAcreateserial -CAserial test.srl -out test.crt -days 3650 -sha256
```
+
+```
+openssl version
+# OpenSSL 3.1.1
+echo '[v3_req]' > openssl.cnf
+openssl req -config openssl.cnf -new -x509 -key key.pem -out server_rustls.crt -days 3650 -sha256 \
+ -subj '/C=US/ST=CA/L=San Francisco/O=Cloudflare, Inc/CN=openrusty.org' \
+ -addext "subjectAltName=DNS:*.openrusty.org,DNS:openrusty.org,DNS:cat.com,DNS:dog.com"
+``` \ No newline at end of file
diff --git a/pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.crt b/pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.crt
new file mode 100644
index 0000000..afb2d1e
--- /dev/null
+++ b/pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/pingora-proxy/tests/utils/conf/keys/server.csr b/pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.csr
index ca75dce..ca75dce 100644
--- a/pingora-proxy/tests/utils/conf/keys/server.csr
+++ b/pingora-proxy/tests/utils/conf/keys/server_boringssl_openssl.csr
diff --git a/pingora-proxy/tests/utils/conf/keys/server_rustls.crt b/pingora-proxy/tests/utils/conf/keys/server_rustls.crt
new file mode 100644
index 0000000..28cdadf
--- /dev/null
+++ b/pingora-proxy/tests/utils/conf/keys/server_rustls.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/pingora-proxy/tests/utils/conf/origin/conf/nginx.conf b/pingora-proxy/tests/utils/conf/origin/conf/nginx.conf
index 6d5abd7..2718f88 100644
--- a/pingora-proxy/tests/utils/conf/origin/conf/nginx.conf
+++ b/pingora-proxy/tests/utils/conf/origin/conf/nginx.conf
@@ -6,7 +6,7 @@ error_log /dev/stdout;
#error_log logs/error.log notice;
#error_log logs/error.log info;
-pid /tmp/mock_origin.pid;
+pid /tmp/pingora_mock_origin.pid;
master_process off;
daemon off;
@@ -85,7 +85,7 @@ http {
listen 8001;
listen [::]:8000;
#listen 8443 ssl;
- listen unix:/tmp/nginx-test.sock;
+ listen unix:/tmp/pingora_nginx_test.sock;
listen 8443 ssl http2;
server_name localhost;
@@ -97,6 +97,9 @@ http {
# for benchmark
http2_max_requests 999999;
+ # increase max body size for /upload/ test
+ client_max_body_size 128m;
+
#charset koi8-r;
#access_log logs/host.access.log main;
diff --git a/pingora-proxy/tests/utils/mock_origin.rs b/pingora-proxy/tests/utils/mock_origin.rs
index db84f8d..ec59e51 100644
--- a/pingora-proxy/tests/utils/mock_origin.rs
+++ b/pingora-proxy/tests/utils/mock_origin.rs
@@ -13,15 +13,38 @@
// limitations under the License.
use once_cell::sync::Lazy;
+use std::path::Path;
use std::process;
use std::{thread, time};
pub static MOCK_ORIGIN: Lazy<bool> = Lazy::new(init);
fn init() -> bool {
+ #[cfg(feature = "rustls")]
+ let src_cert_path = format!(
+ "{}/tests/utils/conf/keys/server_rustls.crt",
+ env!("CARGO_MANIFEST_DIR")
+ );
+ #[cfg(feature = "openssl_derived")]
+ let src_cert_path = format!(
+ "{}/tests/utils/conf/keys/server_boringssl_openssl.crt",
+ env!("CARGO_MANIFEST_DIR")
+ );
+
+ #[cfg(feature = "any_tls")]
+ {
+ let mut dst_cert_path = format!("{}/tests/keys/server.crt", env!("CARGO_MANIFEST_DIR"));
+ std::fs::copy(Path::new(&src_cert_path), Path::new(&dst_cert_path));
+ dst_cert_path = format!(
+ "{}/tests/utils/conf/keys/server.crt",
+ env!("CARGO_MANIFEST_DIR")
+ );
+ std::fs::copy(Path::new(&src_cert_path), Path::new(&dst_cert_path));
+ }
+
// TODO: figure out a way to kill openresty when exiting
process::Command::new("pkill")
- .args(["-F", "/tmp/mock_origin.pid"])
+ .args(["-F", "/tmp/pingora_mock_origin.pid"])
.spawn()
.unwrap();
let _origin = thread::spawn(|| {
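Review bot: Both `std::fs::copy` calls in the `any_tls` block discard the returned `io::Result`, so a missing or unreadable source certificate leaves whichever `server.crt` was written by a previous run (possibly for the other TLS backend) in place, and the failure surfaces later as a confusing handshake error rather than at the copy. Since this is test setup, fail loudly: `std::fs::copy(&src_cert_path, &dst_cert_path).expect("copy test server cert into tests/keys");` and the same for the second destination; `fs::copy` takes `AsRef<Path>`, so the `Path::new` wrappers can go. Also note that `src_cert_path` is only defined under `rustls` or `openssl_derived`, so enabling `any_tls` directly fails to compile; that may be acceptable, but a short comment on `any_tls` in Cargo.toml would say so. The body of `init` continues past this hunk.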
diff --git a/pingora-proxy/tests/utils/mod.rs b/pingora-proxy/tests/utils/mod.rs
index 6a5a1c9..df769e5 100644
--- a/pingora-proxy/tests/utils/mod.rs
+++ b/pingora-proxy/tests/utils/mod.rs
@@ -14,7 +14,9 @@
#![allow(unused)]
+#[cfg(feature = "any_tls")]
pub mod cert;
+
pub mod mock_origin;
pub mod server_utils;
pub mod websocket;
diff --git a/pingora-proxy/tests/utils/server_utils.rs b/pingora-proxy/tests/utils/server_utils.rs
index 885fcb1..62b5882 100644
--- a/pingora-proxy/tests/utils/server_utils.rs
+++ b/pingora-proxy/tests/utils/server_utils.rs
@@ -12,6 +12,7 @@
// See the License for the specific language governing permissions and
// limitations under the License.
+#[cfg(feature = "any_tls")]
use super::cert;
use async_trait::async_trait;
use clap::Parser;
@@ -32,7 +33,7 @@ use pingora_core::protocols::{l4::socket::SocketAddr, Digest};
use pingora_core::server::configuration::Opt;
use pingora_core::services::Service;
use pingora_core::upstreams::peer::HttpPeer;
-use pingora_core::utils::CertKey;
+use pingora_core::utils::tls::CertKey;
use pingora_error::{Error, ErrorSource, Result};
use pingora_http::{RequestHeader, ResponseHeader};
use pingora_proxy::{ProxyHttp, Session};
@@ -106,6 +107,7 @@ fn response_filter_common(
}
#[async_trait]
+#[cfg(feature = "any_tls")]
impl ProxyHttp for ExampleProxyHttps {
type CTX = CTX;
fn new_ctx(&self) -> Self::CTX {
@@ -283,7 +285,7 @@ impl ProxyHttp for ExampleProxyHttp {
#[cfg(unix)]
if req.headers.contains_key("x-uds-peer") {
return Ok(Box::new(HttpPeer::new_uds(
- "/tmp/nginx-test.sock",
+ "/tmp/pingora_nginx_test.sock",
false,
"".to_string(),
)?));
@@ -558,27 +560,36 @@ fn test_main() {
http_logic.server_options = Some(http_server_options);
proxy_service_h2c.add_tcp("0.0.0.0:6146");
- let mut proxy_service_https =
- pingora_proxy::http_proxy_service(&my_server.configuration, ExampleProxyHttps {});
- proxy_service_https.add_tcp("0.0.0.0:6149");
- let cert_path = format!("{}/tests/keys/server.crt", env!("CARGO_MANIFEST_DIR"));
- let key_path = format!("{}/tests/keys/key.pem", env!("CARGO_MANIFEST_DIR"));
- let mut tls_settings =
- pingora_core::listeners::TlsSettings::intermediate(&cert_path, &key_path).unwrap();
- tls_settings.enable_h2();
- proxy_service_https.add_tls_with_settings("0.0.0.0:6150", None, tls_settings);
+ let mut proxy_service_https_opt: Option<Box<dyn Service>> = None;
+
+ #[cfg(feature = "any_tls")]
+ {
+ let mut proxy_service_https =
+ pingora_proxy::http_proxy_service(&my_server.configuration, ExampleProxyHttps {});
+ proxy_service_https.add_tcp("0.0.0.0:6149");
+ let cert_path = format!("{}/tests/keys/server.crt", env!("CARGO_MANIFEST_DIR"));
+ let key_path = format!("{}/tests/keys/key.pem", env!("CARGO_MANIFEST_DIR"));
+ let mut tls_settings =
+ pingora_core::listeners::tls::TlsSettings::intermediate(&cert_path, &key_path).unwrap();
+ tls_settings.enable_h2();
+ proxy_service_https.add_tls_with_settings("0.0.0.0:6150", None, tls_settings);
+ proxy_service_https_opt = Some(Box::new(proxy_service_https))
+ }
let mut proxy_service_cache =
pingora_proxy::http_proxy_service(&my_server.configuration, ExampleProxyCache {});
proxy_service_cache.add_tcp("0.0.0.0:6148");
- let services: Vec<Box<dyn Service>> = vec![
+ let mut services: Vec<Box<dyn Service>> = vec![
Box::new(proxy_service_h2c),
Box::new(proxy_service_http),
- Box::new(proxy_service_https),
Box::new(proxy_service_cache),
];
+ if let Some(proxy_service_https) = proxy_service_https_opt {
+ services.push(proxy_service_https)
+ }
+
set_compression_dict_path("tests/headers.dict");
my_server.add_services(services);
my_server.run_forever();
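Review bot: The `proxy_service_https_opt: Option<Box<dyn Service>>` temporary and the trailing `if let Some(...)` push exist only to carry a value out of the `#[cfg(feature = "any_tls")]` block; the block can instead run after `services` is built and push directly, which removes the `Option`, the `mut` that is never written in non-TLS builds, and the separate `if let`. The resulting service order (https last) is the same as what this hunk already produces. `test_main` starts before this hunk and its closing brace is outside it.
```rust
    // … unchanged: proxy_service_cache construction …
    let mut services: Vec<Box<dyn Service>> = vec![
        Box::new(proxy_service_h2c),
        Box::new(proxy_service_http),
        Box::new(proxy_service_cache),
    ];

    #[cfg(feature = "any_tls")]
    {
        let mut proxy_service_https =
            pingora_proxy::http_proxy_service(&my_server.configuration, ExampleProxyHttps {});
        // … unchanged: add_tcp, cert/key paths, TlsSettings::intermediate, enable_h2, add_tls_with_settings …
        services.push(Box::new(proxy_service_https));
    }
```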