REGTESTS: only use tune.ssl.default-dh-param when not using AWS-LC

This option is not available with AWS-LC and emits a warning, so let's
properly enclose the test to cover this special case.

diff --git a/reg-tests/checks/ssl-hello-check.vtc b/reg-tests/checks/ssl-hello-check.vtc
index 7cabfab..a44b6e1 100644 (file)
--- a/reg-tests/checks/ssl-hello-check.vtc
+++ b/reg-tests/checks/ssl-hello-check.vtc
@@ -24,7 +24,9 @@ syslog S3 -level notice {
 
 haproxy htst -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         mode tcp

diff --git a/reg-tests/checks/tcp-check-ssl.vtc b/reg-tests/checks/tcp-check-ssl.vtc
index 9ad0dfa..4020f73 100644 (file)
--- a/reg-tests/checks/tcp-check-ssl.vtc
+++ b/reg-tests/checks/tcp-check-ssl.vtc
@@ -29,7 +29,9 @@ syslog S4 -level notice {
 
 haproxy htst -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         mode tcp

diff --git a/reg-tests/checks/tls_health_checks.vtc b/reg-tests/checks/tls_health_checks.vtc
index e94a2c7..9c3039f 100644 (file)
--- a/reg-tests/checks/tls_health_checks.vtc
+++ b/reg-tests/checks/tls_health_checks.vtc
@@ -34,7 +34,9 @@ syslog S1 -level notice {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         mode http
@@ -83,7 +85,9 @@ syslog S6 -level notice {
 
 haproxy h2 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         timeout client "${HAPROXY_TEST_TIMEOUT-5s}"

diff --git a/reg-tests/connection/proxy_protocol_random_fail.vtc b/reg-tests/connection/proxy_protocol_random_fail.vtc
index 1ae33de..93667de 100644 (file)
--- a/reg-tests/connection/proxy_protocol_random_fail.vtc
+++ b/reg-tests/connection/proxy_protocol_random_fail.vtc
@@ -24,7 +24,9 @@ syslog Slog_1 -repeat 8 -level info {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         log ${Slog_1_addr}:${Slog_1_port} len 2048 local0 debug err
 
     defaults

diff --git a/reg-tests/jwt/jws_verify.vtc b/reg-tests/jwt/jws_verify.vtc
index 43d37c7..57a2ee2 100644 (file)
--- a/reg-tests/jwt/jws_verify.vtc
+++ b/reg-tests/jwt/jws_verify.vtc
@@ -23,7 +23,9 @@ server s1 -repeat 24 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/add_ssl_crt-list.vtc b/reg-tests/ssl/add_ssl_crt-list.vtc
index fbf3817..6c6379e 100644 (file)
--- a/reg-tests/ssl/add_ssl_crt-list.vtc
+++ b/reg-tests/ssl/add_ssl_crt-list.vtc
@@ -22,7 +22,9 @@ server s1 -repeat 2 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         crt-base ${testdir}
         stats socket "${tmpdir}/h1/stats" level admin

diff --git a/reg-tests/ssl/del_ssl_crt-list.vtc b/reg-tests/ssl/del_ssl_crt-list.vtc
index 5cf4c6a..3a2becc 100644 (file)
--- a/reg-tests/ssl/del_ssl_crt-list.vtc
+++ b/reg-tests/ssl/del_ssl_crt-list.vtc
@@ -20,7 +20,9 @@ server s1 -repeat 2 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         crt-base ${testdir}
         stats socket "${tmpdir}/h1/stats" level admin

diff --git a/reg-tests/ssl/new_del_ssl_cafile.vtc b/reg-tests/ssl/new_del_ssl_cafile.vtc
index 2123fb0..7e8a9f1 100644 (file)
--- a/reg-tests/ssl/new_del_ssl_cafile.vtc
+++ b/reg-tests/ssl/new_del_ssl_cafile.vtc
@@ -21,7 +21,9 @@ server s1 -repeat 2 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         crt-base ${testdir}

diff --git a/reg-tests/ssl/new_del_ssl_crlfile.vtc b/reg-tests/ssl/new_del_ssl_crlfile.vtc
index 8658a1a..8575f26 100644 (file)
--- a/reg-tests/ssl/new_del_ssl_crlfile.vtc
+++ b/reg-tests/ssl/new_del_ssl_crlfile.vtc
@@ -21,7 +21,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         crt-base ${testdir}

diff --git a/reg-tests/ssl/ocsp_auto_update.vtc b/reg-tests/ssl/ocsp_auto_update.vtc
index 0193953..bcaf96b 100644 (file)
--- a/reg-tests/ssl/ocsp_auto_update.vtc
+++ b/reg-tests/ssl/ocsp_auto_update.vtc
@@ -47,7 +47,9 @@ feature ignore_unknown_macro
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         crt-base ${testdir}/ocsp_update
@@ -115,7 +117,9 @@ syslog Syslog_ocsp -level notice {
 
 haproxy h2 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h2/stats" level admin
         crt-base ${testdir}/ocsp_update
@@ -182,7 +186,9 @@ syslog Syslog_ocsp3 -level notice {
 
 haproxy h3 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h3/stats" level admin
         crt-base ${testdir}/ocsp_update
@@ -254,7 +260,9 @@ syslog Syslog_ocsp4 -level notice {
 
 haproxy h4 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h4/stats" level admin
         crt-base ${testdir}/ocsp_update
@@ -368,7 +376,9 @@ syslog Syslog_ocsp5 -level notice {
 
 haproxy h5 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h5/stats" level admin
         crt-base ${testdir}/ocsp_update
@@ -450,7 +460,9 @@ syslog Syslog_ocsp6 -level notice {
 
 haproxy h6 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h6/stats" level admin
         crt-base ${testdir}
@@ -526,7 +538,9 @@ syslog Syslog_ocsp7 -level notice {
 
 haproxy h7 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h7/stats" level admin
         crt-base ${testdir}
@@ -589,7 +603,9 @@ process p7 -wait
 
 haproxy h8 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h8/stats" level admin
         crt-base ${testdir}/ocsp_update
@@ -683,7 +699,9 @@ syslog Syslog_ocsp9 -level notice {
 
 haproxy h9 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h9/stats" level admin
         crt-base ${testdir}/ocsp_update

diff --git a/reg-tests/ssl/set_ssl_bug_2265.vtc b/reg-tests/ssl/set_ssl_bug_2265.vtc
index e743c0a..c773f13 100644 (file)
--- a/reg-tests/ssl/set_ssl_bug_2265.vtc
+++ b/reg-tests/ssl/set_ssl_bug_2265.vtc
@@ -25,7 +25,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/set_ssl_cafile.vtc b/reg-tests/ssl/set_ssl_cafile.vtc
index b948b4b..2e5aebb 100644 (file)
--- a/reg-tests/ssl/set_ssl_cafile.vtc
+++ b/reg-tests/ssl/set_ssl_cafile.vtc
@@ -27,7 +27,9 @@ server s1 -repeat 4 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/set_ssl_cert.vtc b/reg-tests/ssl/set_ssl_cert.vtc
index 70a6f5e..6373498 100644 (file)
--- a/reg-tests/ssl/set_ssl_cert.vtc
+++ b/reg-tests/ssl/set_ssl_cert.vtc
@@ -31,7 +31,9 @@ server s1 -repeat 9 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         crt-base ${testdir}

diff --git a/reg-tests/ssl/set_ssl_cert_bundle.vtc b/reg-tests/ssl/set_ssl_cert_bundle.vtc
index 0941bdb..3b3c0b3 100644 (file)
--- a/reg-tests/ssl/set_ssl_cert_bundle.vtc
+++ b/reg-tests/ssl/set_ssl_cert_bundle.vtc
@@ -28,7 +28,9 @@ server s1 -repeat 9 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         crt-base ${testdir}

diff --git a/reg-tests/ssl/set_ssl_cert_noext.vtc b/reg-tests/ssl/set_ssl_cert_noext.vtc
index 8eb8b24..ed5fdb5 100644 (file)
--- a/reg-tests/ssl/set_ssl_cert_noext.vtc
+++ b/reg-tests/ssl/set_ssl_cert_noext.vtc
@@ -23,7 +23,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         ssl-load-extra-del-ext
         stats socket "${tmpdir}/h1/stats" level admin

diff --git a/reg-tests/ssl/set_ssl_crlfile.vtc b/reg-tests/ssl/set_ssl_crlfile.vtc
index 54d5998..86cab00 100644 (file)
--- a/reg-tests/ssl/set_ssl_crlfile.vtc
+++ b/reg-tests/ssl/set_ssl_crlfile.vtc
@@ -30,7 +30,9 @@ server s1 -repeat 4 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/set_ssl_server_cert.vtc b/reg-tests/ssl/set_ssl_server_cert.vtc
index 847d45b..55d8df0 100644 (file)
--- a/reg-tests/ssl/set_ssl_server_cert.vtc
+++ b/reg-tests/ssl/set_ssl_server_cert.vtc
@@ -16,7 +16,9 @@ server s1 -repeat 4 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         nbthread 1

diff --git a/reg-tests/ssl/show_ssl_ocspresponse.vtc b/reg-tests/ssl/show_ssl_ocspresponse.vtc
index 8b1db16..08969ba 100644 (file)
--- a/reg-tests/ssl/show_ssl_ocspresponse.vtc
+++ b/reg-tests/ssl/show_ssl_ocspresponse.vtc
@@ -27,7 +27,9 @@ feature ignore_unknown_macro
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/ssl_alpn.vtc b/reg-tests/ssl/ssl_alpn.vtc
index dfc63ac..9d03276 100644 (file)
--- a/reg-tests/ssl/ssl_alpn.vtc
+++ b/reg-tests/ssl/ssl_alpn.vtc
@@ -11,7 +11,9 @@ feature ignore_unknown_macro
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         mode http

diff --git a/reg-tests/ssl/ssl_client_auth.vtc b/reg-tests/ssl/ssl_client_auth.vtc
index ab8ba18..a223a9c 100644 (file)
--- a/reg-tests/ssl/ssl_client_auth.vtc
+++ b/reg-tests/ssl/ssl_client_auth.vtc
@@ -25,7 +25,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         mode http

diff --git a/reg-tests/ssl/ssl_client_samples.vtc b/reg-tests/ssl/ssl_client_samples.vtc
index 5a84e4b..6b77082 100644 (file)
--- a/reg-tests/ssl/ssl_client_samples.vtc
+++ b/reg-tests/ssl/ssl_client_samples.vtc
@@ -12,7 +12,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         crt-base ${testdir}
 

diff --git a/reg-tests/ssl/ssl_crt-list_filters.vtc b/reg-tests/ssl/ssl_crt-list_filters.vtc
index 1d21ed8..843d85a 100644 (file)
--- a/reg-tests/ssl/ssl_crt-list_filters.vtc
+++ b/reg-tests/ssl/ssl_crt-list_filters.vtc
@@ -16,7 +16,9 @@ server s1 -repeat 6 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         crt-base ${testdir}
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/ssl_curve_name.vtc b/reg-tests/ssl/ssl_curve_name.vtc
index a285a8f..5516791 100644 (file)
--- a/reg-tests/ssl/ssl_curve_name.vtc
+++ b/reg-tests/ssl/ssl_curve_name.vtc
@@ -11,7 +11,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         crt-base ${testdir}
 

diff --git a/reg-tests/ssl/ssl_curves.vtc b/reg-tests/ssl/ssl_curves.vtc
index 6a8b1b6..5ffd2d8 100644 (file)
--- a/reg-tests/ssl/ssl_curves.vtc
+++ b/reg-tests/ssl/ssl_curves.vtc
@@ -39,7 +39,9 @@ syslog Slg_cust_fmt -level info {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
 
     defaults
         mode http

diff --git a/reg-tests/ssl/ssl_default_server.vtc b/reg-tests/ssl/ssl_default_server.vtc
index 485a9ba..88a3ccb 100644 (file)
--- a/reg-tests/ssl/ssl_default_server.vtc
+++ b/reg-tests/ssl/ssl_default_server.vtc
@@ -22,7 +22,9 @@ server s1 -repeat 7 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
         crt-base ${testdir}

diff --git a/reg-tests/ssl/ssl_errors.vtc b/reg-tests/ssl/ssl_errors.vtc
index 8fb9c5a..a3c5455 100644 (file)
--- a/reg-tests/ssl/ssl_errors.vtc
+++ b/reg-tests/ssl/ssl_errors.vtc
@@ -168,7 +168,9 @@ syslog Slg_bcknd_fe -level info {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         stats socket "${tmpdir}/h1/stats" level admin
     .if openssl_version_atleast(3.0.0)

diff --git a/reg-tests/ssl/ssl_frontend_samples.vtc b/reg-tests/ssl/ssl_frontend_samples.vtc
index 401e193..56a208b 100644 (file)
--- a/reg-tests/ssl/ssl_frontend_samples.vtc
+++ b/reg-tests/ssl/ssl_frontend_samples.vtc
@@ -11,7 +11,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         crt-base ${testdir}
 

diff --git a/reg-tests/ssl/ssl_generate_certificate.vtc b/reg-tests/ssl/ssl_generate_certificate.vtc
index ba0b53b..ace27d8 100644 (file)
--- a/reg-tests/ssl/ssl_generate_certificate.vtc
+++ b/reg-tests/ssl/ssl_generate_certificate.vtc
@@ -27,7 +27,9 @@ server s1 -repeat 6 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 2048
 
     defaults

diff --git a/reg-tests/ssl/ssl_server_samples.vtc b/reg-tests/ssl/ssl_server_samples.vtc
index c037523..2841d1c 100644 (file)
--- a/reg-tests/ssl/ssl_server_samples.vtc
+++ b/reg-tests/ssl/ssl_server_samples.vtc
@@ -11,7 +11,9 @@ server s1 -repeat 3 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         tune.ssl.capture-buffer-size 1
         crt-base ${testdir}
         stats socket "${tmpdir}/h1/stats" level admin

diff --git a/reg-tests/ssl/ssl_simple_crt-list.vtc b/reg-tests/ssl/ssl_simple_crt-list.vtc
index f7b03a2..d70327b 100644 (file)
--- a/reg-tests/ssl/ssl_simple_crt-list.vtc
+++ b/reg-tests/ssl/ssl_simple_crt-list.vtc
@@ -12,7 +12,9 @@ server s1 -repeat 4 {
 
 haproxy h1 -conf {
     global
+    .if !ssllib_name_startswith(AWS-LC)
         tune.ssl.default-dh-param 2048
+    .endif
         crt-base ${testdir}
         stats socket "${tmpdir}/h1/stats" level admin
 

diff --git a/reg-tests/ssl/wrong_ctx_storage.vtc b/reg-tests/ssl/wrong_ctx_storage.vtc
index dd746d4..4275731 100644 (file)
--- a/reg-tests/ssl/wrong_ctx_storage.vtc
+++ b/reg-tests/ssl/wrong_ctx_storage.vtc
@@ -24,7 +24,9 @@ feature ignore_unknown_macro
 
 haproxy h1 -conf {
   global
+  .if !ssllib_name_startswith(AWS-LC)
     tune.ssl.default-dh-param 2048
+  .endif
     tune.ssl.capture-buffer-size 1
 
   defaults