This is an automated email from the ASF dual-hosted git repository.
rrm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 6fd0fc3 Renames ssl_server_name.yaml to sni.yaml
6fd0fc3 is described below
commit 6fd0fc39413cd6f527b01fb3369e78fd69e5c465
Author: Randall Meyer <[email protected]>
AuthorDate: Fri May 31 13:43:16 2019 -0700
Renames ssl_server_name.yaml to sni.yaml
---
configs/Makefile.am | 2 +-
...l_server_name.yaml.default => sni.yaml.default} | 2 +-
doc/admin-guide/files/index.en.rst | 4 ++--
doc/admin-guide/files/records.config.en.rst | 10 ++++-----
...ssl_server_name.yaml.en.rst => sni.yaml.en.rst} | 6 ++---
doc/admin-guide/layer-4-routing.en.rst | 4 ++--
iocore/net/SSLSNIConfig.cc | 8 +++----
mgmt/RecordsConfig.cc | 2 +-
mgmt/utils/MgmtUtils.h | 2 --
src/traffic_manager/AddConfigFilesHere.cc | 2 +-
.../min_cfg/{ssl_server_name.yaml => sni.yaml} | 0
.../gold_tests/autest-site/trafficserver.test.ext | 2 +-
tests/gold_tests/h2/h2disable.test.py | 2 +-
.../client_context_dump.test.py | 2 +-
.../pluginTest/sslheaders/sslheaders.test.py | 2 +-
tests/gold_tests/tls/tls_client_cert.test.py | 26 +++++++++++-----------
tests/gold_tests/tls/tls_client_cert2.test.py | 4 ++--
tests/gold_tests/tls/tls_client_verify.test.py | 2 +-
tests/gold_tests/tls/tls_client_verify2.test.py | 2 +-
tests/gold_tests/tls/tls_client_versions.test.py | 4 ++--
tests/gold_tests/tls/tls_forward_nonhttp.test.py | 4 ++--
.../gold_tests/tls/tls_hooks_client_verify.test.py | 2 +-
tests/gold_tests/tls/tls_hooks_verify.test.py | 4 ++--
tests/gold_tests/tls/tls_tunnel.test.py | 24 ++++++++++----------
tests/gold_tests/tls/tls_tunnel_forward.test.py | 4 ++--
.../tls/tls_tunnel_plugin_rename.test.py | 4 ++--
tests/gold_tests/tls/tls_verify.test.py | 2 +-
tests/gold_tests/tls/tls_verify2.test.py | 16 ++++++-------
tests/gold_tests/tls/tls_verify3.test.py | 2 +-
tests/gold_tests/tls/tls_verify_base.test.py | 2 +-
30 files changed, 75 insertions(+), 77 deletions(-)
diff --git a/configs/Makefile.am b/configs/Makefile.am
index 0e03312..ccd4983 100644
--- a/configs/Makefile.am
+++ b/configs/Makefile.am
@@ -37,7 +37,7 @@ dist_sysconf_DATA = \
socks.config.default \
splitdns.config.default \
ssl_multicert.config.default \
- ssl_server_name.yaml.default \
+ sni.yaml.default \
volume.config.default
install-exec-hook:
diff --git a/configs/ssl_server_name.yaml.default b/configs/sni.yaml.default
similarity index 97%
rename from configs/ssl_server_name.yaml.default
rename to configs/sni.yaml.default
index 60bb6ea..7431229 100644
--- a/configs/ssl_server_name.yaml.default
+++ b/configs/sni.yaml.default
@@ -1,4 +1,4 @@
-# ssl_server_name.config.default
+# sni.yaml
#
# This configuration file
# - sets the SSL actions to be performed based on the servername provided
during SSL handhshake phase (SNI extension)
diff --git a/doc/admin-guide/files/index.en.rst
b/doc/admin-guide/files/index.en.rst
index 65b9018..9d16bc3 100644
--- a/doc/admin-guide/files/index.en.rst
+++ b/doc/admin-guide/files/index.en.rst
@@ -35,7 +35,7 @@ Configuration Files
remap.config.en
splitdns.config.en
ssl_multicert.config.en
- ssl_server_name.yaml.en
+ sni.yaml.en
storage.config.en
volume.config.en
@@ -74,7 +74,7 @@ Configuration Files
Configures |TS| to use different server certificates for SSL termination
when listening on multiple addresses or when clients employ SNI.
-:doc:`ssl_server_name.yaml.en`
+:doc:`sni.yaml.en`
Configures SNI based Layer 4 routing.
:doc:`storage.config.en`
diff --git a/doc/admin-guide/files/records.config.en.rst
b/doc/admin-guide/files/records.config.en.rst
index 887addd..3fcb13a 100644
--- a/doc/admin-guide/files/records.config.en.rst
+++ b/doc/admin-guide/files/records.config.en.rst
@@ -3185,9 +3185,9 @@ SSL Termination
note that OpenSSL session tickets are sensitive to the version of the
ca-certificates. Once the
file is changed with new tickets, use :option:`traffic_ctl config reload`
to begin using them.
-.. ts:cv:: CONFIG proxy.config.ssl.servername.filename STRING
ssl_server_name.yaml
+.. ts:cv:: CONFIG proxy.config.ssl.servername.filename STRING sni.yaml
- The filename of the :file:`ssl_server_name.yaml` configuration file.
+ The filename of the :file:`sni.yaml` configuration file.
If relative, it is relative to the configuration directory.
.. ts:cv:: CONFIG proxy.config.ssl.max_record_size INT 0
@@ -3314,9 +3314,9 @@ Client-Related Configuration
Configures |TS| to verify the origin server certificate
with the Certificate Authority (CA). This configuration takes a value of
:code:`DISABLED`, :code:`PERMISSIVE`, or :code:`ENFORCED`
- You can override this global setting on a per domain basis in the
ssl_server_name.yaml file using the :ref:`verify_server_policy
attribute<override-verify-server-policy>`.
+ You can override this global setting on a per domain basis in the sni.yaml
file using the :ref:`verify_server_policy
attribute<override-verify-server-policy>`.
- You can also override via the conf_remap plugin. Those changes will take
precedence over the changes in ssl_server_name.yaml.
+ You can also override via the conf_remap plugin. Those changes will take
precedence over the changes in sni.yaml.
:code:`DISABLED`
Server Certificate will not be verified
@@ -3333,7 +3333,7 @@ Client-Related Configuration
You can override this global setting on a per domain basis in the
ssl_servername.yaml file using the :ref:`verify_server_properties
attribute<override-verify-server-properties>`.
- You can also override via the conf_remap plugin. Those changes will take
precedence over the changes in ssl_server_name.yaml.
+ You can also override via the conf_remap plugin. Those changes will take
precedence over the changes in sni.yaml.
:code:`NONE`
Check nothing in the standard callback. Rely entirely on plugins to check
the certificate.
diff --git a/doc/admin-guide/files/ssl_server_name.yaml.en.rst
b/doc/admin-guide/files/sni.yaml.en.rst
similarity index 98%
rename from doc/admin-guide/files/ssl_server_name.yaml.en.rst
rename to doc/admin-guide/files/sni.yaml.en.rst
index cbdfba3..7c490b8 100644
--- a/doc/admin-guide/files/ssl_server_name.yaml.en.rst
+++ b/doc/admin-guide/files/sni.yaml.en.rst
@@ -17,10 +17,10 @@
.. include:: ../../common.defs
-ssl_server_name.yaml
+sni.yaml
**********************
-.. configfile:: ssl_server_name.yaml
+.. configfile:: sni.yaml
Description
===========
@@ -33,7 +33,7 @@ the items specified by this file and if there is a match, the
values specified i
the defaults. This is done during the inbound connection processing and be
some outbound properties
can be overridden again later, such as via :file:`remap.config` or plugins.
-By default this is named :file:`ssl_server_name.yaml`. The file can be changed
by setting
+By default this is named :file:`sni.yaml`. The file can be changed by setting
:ts:cv:`proxy.config.ssl.servername.filename`. This file is loaded on start up
and by
:option:`traffic_ctl config reload` if the file has been modified since
process start.
diff --git a/doc/admin-guide/layer-4-routing.en.rst
b/doc/admin-guide/layer-4-routing.en.rst
index 5501a4c..69042a9 100644
--- a/doc/admin-guide/layer-4-routing.en.rst
+++ b/doc/admin-guide/layer-4-routing.en.rst
@@ -51,7 +51,7 @@ SNI Routing
Currently the only directly supported layer 4 routing (as of version 8.0) is
SNI based routing. This
imposes the requirement on the traffic that the inbound connection must be TLS.
-SNI routing is configured by :file:`ssl_server_name.yaml`.
+SNI routing is configured by :file:`sni.yaml`.
If SNI Routing is enabled the initial "`CLIENT HELLO
<https://tools.ietf.org/html/rfc5246#section-7.4.1.2>`__" data of an inbound
TLS connection is
@@ -96,7 +96,7 @@ service-1.example.com app-server-29:443
service-2.example.com app-server-56:4443
========================== =====================================
-The :file:`ssl_server_name.yaml` contents would be
+The :file:`sni.yaml` contents would be
.. code:: yaml
diff --git a/iocore/net/SSLSNIConfig.cc b/iocore/net/SSLSNIConfig.cc
index 274a82e..895f698 100644
--- a/iocore/net/SSLSNIConfig.cc
+++ b/iocore/net/SSLSNIConfig.cc
@@ -125,11 +125,11 @@ SNIConfigParams::Initialize()
{
sni_filename =
ats_stringdup(RecConfigReadConfigPath("proxy.config.ssl.servername.filename"));
- Note("ssl_server_name.yaml loading ...");
+ Note("sni.yaml loading ...");
struct stat sbuf;
if (stat(sni_filename, &sbuf) == -1 && errno == ENOENT) {
- Note("ssl_server_name.yaml failed to load");
+ Note("sni.yaml failed to load");
Warning("Loading SNI configuration - filename: %s doesn't exist",
sni_filename);
return 1;
}
@@ -138,12 +138,12 @@ SNIConfigParams::Initialize()
if (!zret.isOK()) {
std::stringstream errMsg;
errMsg << zret;
- Error("ssl_server_name.yaml failed to load: %s", errMsg.str().c_str());
+ Error("sni.yaml failed to load: %s", errMsg.str().c_str());
return 1;
}
loadSNIConfig();
- Note("ssl_server_name.yaml finished loading");
+ Note("sni.yaml finished loading");
return 0;
}
diff --git a/mgmt/RecordsConfig.cc b/mgmt/RecordsConfig.cc
index 2e71638..7a2155f 100644
--- a/mgmt/RecordsConfig.cc
+++ b/mgmt/RecordsConfig.cc
@@ -1092,7 +1092,7 @@ static const RecordElement RecordsConfig[] =
,
{RECT_CONFIG, "proxy.config.ssl.server.multicert.exit_on_load_fail",
RECD_INT, "1", RECU_RESTART_TS, RR_NULL, RECC_NULL, "[0-1]", RECA_NULL}
,
- {RECT_CONFIG, "proxy.config.ssl.servername.filename", RECD_STRING,
"ssl_server_name.yaml", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
+ {RECT_CONFIG, "proxy.config.ssl.servername.filename", RECD_STRING,
"sni.yaml", RECU_RESTART_TS, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
,
{RECT_CONFIG, "proxy.config.ssl.server.ticket_key.filename", RECD_STRING,
nullptr, RECU_DYNAMIC, RR_NULL, RECC_NULL, nullptr, RECA_NULL}
,
diff --git a/mgmt/utils/MgmtUtils.h b/mgmt/utils/MgmtUtils.h
index 16a3da8..6e59a52 100644
--- a/mgmt/utils/MgmtUtils.h
+++ b/mgmt/utils/MgmtUtils.h
@@ -38,8 +38,6 @@
#include "records/P_RecCore.h"
-constexpr const char SSL_SERVER_NAME_CONFIG[] = "ssl_server_name.yaml";
-
int mgmt_readline(int fd, char *buf, int maxlen);
int mgmt_writeline(int fd, const char *data, int nbytes);
diff --git a/src/traffic_manager/AddConfigFilesHere.cc
b/src/traffic_manager/AddConfigFilesHere.cc
index 0ace074..6ac388b 100644
--- a/src/traffic_manager/AddConfigFilesHere.cc
+++ b/src/traffic_manager/AddConfigFilesHere.cc
@@ -84,7 +84,7 @@ initializeRegistry()
registerFile("", "plugin.config");
registerFile("proxy.config.dns.splitdns.filename", "splitdns.config");
registerFile("proxy.config.ssl.server.multicert.filename",
"ssl_multicert.config");
- registerFile("proxy.config.ssl.servername.filename", SSL_SERVER_NAME_CONFIG);
+ registerFile("proxy.config.ssl.servername.filename", "sni.config");
configFiles->registerCallback(testcall);
}
diff --git a/tests/gold_tests/autest-site/min_cfg/ssl_server_name.yaml
b/tests/gold_tests/autest-site/min_cfg/sni.yaml
similarity index 100%
rename from tests/gold_tests/autest-site/min_cfg/ssl_server_name.yaml
rename to tests/gold_tests/autest-site/min_cfg/sni.yaml
diff --git a/tests/gold_tests/autest-site/trafficserver.test.ext
b/tests/gold_tests/autest-site/trafficserver.test.ext
index 48976cf..e9412ef 100755
--- a/tests/gold_tests/autest-site/trafficserver.test.ext
+++ b/tests/gold_tests/autest-site/trafficserver.test.ext
@@ -246,7 +246,7 @@ def MakeATSProcess(obj, name, command='traffic_server',
select_ports=True):
tmpname = os.path.join(config_dir, fname)
p.Disk.File(tmpname, id=make_id(fname), typename="ats:config")
- fname = "ssl_server_name.yaml"
+ fname = "sni.yaml"
tmpname = os.path.join(config_dir, fname)
p.Disk.File(tmpname, id=make_id(fname), typename="ats:config")
diff --git a/tests/gold_tests/h2/h2disable.test.py
b/tests/gold_tests/h2/h2disable.test.py
index 4f6700d..17438d3 100644
--- a/tests/gold_tests/h2/h2disable.test.py
+++ b/tests/gold_tests/h2/h2disable.test.py
@@ -59,7 +59,7 @@ ts.Disk.records_config.update({
'proxy.config.url_remap.pristine_host_hdr': 1
})
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bar.com',
' disable_h2: true',
'- fqdn: bob.*.com',
diff --git
a/tests/gold_tests/pluginTest/client_context_dump/client_context_dump.test.py
b/tests/gold_tests/pluginTest/client_context_dump/client_context_dump.test.py
index ce1a48e..366bf8f 100644
---
a/tests/gold_tests/pluginTest/client_context_dump/client_context_dump.test.py
+++
b/tests/gold_tests/pluginTest/client_context_dump/client_context_dump.test.py
@@ -47,7 +47,7 @@ ts.Disk.ssl_multicert_config.AddLine(
'dest_ip=* ssl_cert_name=one.com.pem ssl_key_name=one.com.pem'
)
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: "*one.com"',
' client_cert: "one.com.pem"',
'- fqdn: "*two.com"',
diff --git a/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
b/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
index c13d0da..fdfb5c8 100644
--- a/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
+++ b/tests/gold_tests/pluginTest/sslheaders/sslheaders.test.py
@@ -71,7 +71,7 @@ ts.Disk.remap_config.AddLine(
'map https://bar.com http://127.0.0.1:{0}'.format(server.Variables.Port)
)
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: "*bar.com"',
' verify_client: STRICT',
])
diff --git a/tests/gold_tests/tls/tls_client_cert.test.py
b/tests/gold_tests/tls/tls_client_cert.test.py
index 5118769..7c57ca5 100644
--- a/tests/gold_tests/tls/tls_client_cert.test.py
+++ b/tests/gold_tests/tls/tls_client_cert.test.py
@@ -91,11 +91,11 @@ ts.Disk.remap_config.AddLine(
'map /case2 https://127.0.0.1:{0}/'.format(server2.Variables.SSL_Port)
)
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
'- fqdn: bar.com')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' client_cert: {0}/signed2-bar.pem'.format(ts.Variables.SSLDir))
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' client_key: {0}/signed-bar.key'.format(ts.Variables.SSLDir))
@@ -140,14 +140,14 @@ trbarfail.Processes.Default.Streams.stdout =
Testers.ContainsExpression("Could N
tr2 = Test.AddTestRun("Update config files")
# Update the SNI config
-snipath = ts.Disk.ssl_server_name_yaml.AbsPath
+snipath = ts.Disk.sni_yaml.AbsPath
recordspath = ts.Disk.records_config.AbsPath
-tr2.Disk.File(snipath, id = "ssl_server_name_yaml", typename="ats:config"),
-tr2.Disk.ssl_server_name_yaml.AddLine(
+tr2.Disk.File(snipath, id = "sni_yaml", typename="ats:config"),
+tr2.Disk.sni_yaml.AddLine(
'- fqdn: bar.com')
-tr2.Disk.ssl_server_name_yaml.AddLine(
+tr2.Disk.sni_yaml.AddLine(
' client_cert: {0}/signed-bar.pem'.format(ts.Variables.SSLDir))
-tr2.Disk.ssl_server_name_yaml.AddLine(
+tr2.Disk.sni_yaml.AddLine(
' client_key: {0}/signed-bar.key'.format(ts.Variables.SSLDir))
# recreate the records.config with the cert filename changed
tr2.Disk.File(recordspath, id = "records_config",
typename="ats:config:records"),
@@ -172,11 +172,11 @@ tr2.Processes.Default.Env = ts.Env
tr2.Processes.Default.ReturnCode = 0
# Parking this as a ready tester on a meaningless process
-# Stall the test runs until the ssl_server_name reload has completed
-# At that point the new ssl_server_name settings are ready to go
-def ssl_server_name_reload_done(tsenv):
+# Stall the test runs until the sni reload has completed
+# At that point the new sni settings are ready to go
+def sni_reload_done(tsenv):
def done_reload(process, hasRunFor, **kw):
- cmd = "grep 'ssl_server_name.yaml finished loading' {0} | wc -l >
{1}/test.out".format(ts.Disk.diags_log.Name, Test.RunDirectory)
+ cmd = "grep 'sni.yaml finished loading' {0} | wc -l >
{1}/test.out".format(ts.Disk.diags_log.Name, Test.RunDirectory)
retval = subprocess.run(cmd, shell=True, env=tsenv)
if retval.returncode == 0:
cmd ="if [ -f {0}/test.out -a \"`cat {0}/test.out`\" = \"2\" ] ; then
true; else false; fi".format(Test.RunDirectory)
@@ -198,7 +198,7 @@ tr2reload.Processes.Default.ReturnCode = 0
#Should succeed
tr3bar = Test.AddTestRun("Make request with other bar cert to first server")
# Wait for the reload to complete
-tr3bar.Processes.Default.StartBefore(server3,
ready=ssl_server_name_reload_done(ts.Env))
+tr3bar.Processes.Default.StartBefore(server3, ready=sni_reload_done(ts.Env))
tr3bar.StillRunningAfter = ts
tr3bar.StillRunningAfter = server
tr3bar.StillRunningAfter = server2
diff --git a/tests/gold_tests/tls/tls_client_cert2.test.py
b/tests/gold_tests/tls/tls_client_cert2.test.py
index a8cf9e2..02ff1a2 100644
--- a/tests/gold_tests/tls/tls_client_cert2.test.py
+++ b/tests/gold_tests/tls/tls_client_cert2.test.py
@@ -21,7 +21,7 @@ import os
import re
Test.Summary = '''
-Test client certs to origin selected via wildcard names in ssl_server_name
+Test client certs to origin selected via wildcard names in sni
'''
ts = Test.MakeATSProcess("ts", command="traffic_server", select_ports=False)
@@ -85,7 +85,7 @@ ts.Disk.remap_config.AddLine(
'map /case2 https://127.0.0.1:{0}/'.format(server2.Variables.SSL_Port)
)
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bob.bar.com',
' client_cert: signed-bar.pem',
' client_key: signed-bar.key',
diff --git a/tests/gold_tests/tls/tls_client_verify.test.py
b/tests/gold_tests/tls/tls_client_verify.test.py
index 341577a..f878a84 100644
--- a/tests/gold_tests/tls/tls_client_verify.test.py
+++ b/tests/gold_tests/tls/tls_client_verify.test.py
@@ -64,7 +64,7 @@ ts.Disk.remap_config.AddLine(
)
# Scenario 1: Default no client cert required. cert required for bar.com
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bob.bar.com',
' verify_client: NONE',
'- fqdn: bob.*.com',
diff --git a/tests/gold_tests/tls/tls_client_verify2.test.py
b/tests/gold_tests/tls/tls_client_verify2.test.py
index 2174b81..304a33b 100644
--- a/tests/gold_tests/tls/tls_client_verify2.test.py
+++ b/tests/gold_tests/tls/tls_client_verify2.test.py
@@ -64,7 +64,7 @@ ts.Disk.remap_config.AddLine(
)
# Scenario 1: Default no client cert required. cert required for bar.com
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bob.bar.com',
' verify_client: STRICT',
'- fqdn: bob.*.com',
diff --git a/tests/gold_tests/tls/tls_client_versions.test.py
b/tests/gold_tests/tls/tls_client_versions.test.py
index c506af4..2a3dbd2 100644
--- a/tests/gold_tests/tls/tls_client_versions.test.py
+++ b/tests/gold_tests/tls/tls_client_versions.test.py
@@ -43,7 +43,7 @@ ts.addSSLfile("ssl/server.key")
ts.Variables.ssl_port = 4443
-# Need no remap rules. Everything should be proccessed by ssl_server_name
+# Need no remap rules. Everything should be proccessed by sni
# Make sure the TS server certs are different from the origin certs
ts.Disk.ssl_multicert_config.AddLine(
@@ -67,7 +67,7 @@ ts.Disk.records_config.update({
# foo.com should only offer the older TLS protocols
# bar.com should terminate.
# empty SNI should tunnel to server_bar
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: foo.com',
' valid_tls_versions_in: [ TLSv1, TLSv1_1 ]'
])
diff --git a/tests/gold_tests/tls/tls_forward_nonhttp.test.py
b/tests/gold_tests/tls/tls_forward_nonhttp.test.py
index 5cfdd39..4b3c22c 100644
--- a/tests/gold_tests/tls/tls_forward_nonhttp.test.py
+++ b/tests/gold_tests/tls/tls_forward_nonhttp.test.py
@@ -30,7 +30,7 @@ ts.addSSLfile("ssl/server.key")
ts.Variables.ssl_port = 4443
-# Need no remap rules. Everything should be proccessed by ssl_server_name
+# Need no remap rules. Everything should be proccessed by sni
# Make sure the TS server certs are different from the origin certs
ts.Disk.ssl_multicert_config.AddLine(
@@ -52,7 +52,7 @@ ts.Disk.records_config.update({
# foo.com should not terminate. Just tunnel to server_foo
# bar.com should terminate. Forward its tcp stream to server_bar
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
"- fqdn: bar.com",
" forward_route: localhost:4444"
])
diff --git a/tests/gold_tests/tls/tls_hooks_client_verify.test.py
b/tests/gold_tests/tls/tls_hooks_client_verify.test.py
index 12bf397..a166d46 100644
--- a/tests/gold_tests/tls/tls_hooks_client_verify.test.py
+++ b/tests/gold_tests/tls/tls_hooks_client_verify.test.py
@@ -66,7 +66,7 @@ ts.Disk.remap_config.AddLine(
'map https://random.com:{1}/
https://127.0.0.1:{0}'.format(server.Variables.SSL_Port, ts.Variables.ssl_port)
)
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bar.com',
' verify_client: STRICT',
'- fqdn: foo.com',
diff --git a/tests/gold_tests/tls/tls_hooks_verify.test.py
b/tests/gold_tests/tls/tls_hooks_verify.test.py
index 1725700..0c99d7f 100644
--- a/tests/gold_tests/tls/tls_hooks_verify.test.py
+++ b/tests/gold_tests/tls/tls_hooks_verify.test.py
@@ -64,9 +64,9 @@ ts.Disk.remap_config.AddLine(
'map https://random.com:{1}/
https://127.0.0.1:{0}'.format(server.Variables.SSL_Port, ts.Variables.ssl_port)
)
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
'- fqdn: bar.com')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' verify_server_policy: PERMISSIVE')
Test.PreparePlugin(os.path.join(Test.Variables.AtsTestToolsDir, 'plugins',
'ssl_verify_test.cc'), ts, '-count=2 -bad=random.com -bad=bar.com')
diff --git a/tests/gold_tests/tls/tls_tunnel.test.py
b/tests/gold_tests/tls/tls_tunnel.test.py
index 3e55ef3..b689bbc 100644
--- a/tests/gold_tests/tls/tls_tunnel.test.py
+++ b/tests/gold_tests/tls/tls_tunnel.test.py
@@ -47,7 +47,7 @@ ts.addSSLfile("ssl/signer.key")
ts.Variables.ssl_port = 4443
-# Need no remap rules. Everything should be proccessed by ssl_server_name
+# Need no remap rules. Everything should be proccessed by sni
# Make sure the TS server certs are different from the origin certs
ts.Disk.ssl_multicert_config.AddLine(
@@ -72,7 +72,7 @@ ts.Disk.records_config.update({
# foo.com should not terminate. Just tunnel to server_foo
# bar.com should terminate.
# empty SNI should tunnel to server_bar
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: foo.com',
" tunnel_route: localhost:{0}".format(server_foo.Variables.SSL_Port),
"- fqdn: bob.*.com",
@@ -124,13 +124,13 @@ tr.Processes.Default.Streams.All +=
Testers.ContainsExpression("HTTP/1.1 200 OK"
tr.Processes.Default.Streams.All += Testers.ExcludesExpression("ATS", "Do not
terminate on Traffic Server")
tr.Processes.Default.Streams.All += Testers.ContainsExpression("bar ok",
"Should get a response from bar")
-# Update ssl_server_name file and reload
+# Update sni file and reload
tr = Test.AddTestRun("Update config files")
# Update the SNI config
-snipath = ts.Disk.ssl_server_name_yaml.AbsPath
+snipath = ts.Disk.sni_yaml.AbsPath
recordspath = ts.Disk.records_config.AbsPath
-tr.Disk.File(snipath, id = "ssl_server_name_yaml", typename="ats:config"),
-tr.Disk.ssl_server_name_yaml.AddLines([
+tr.Disk.File(snipath, id = "sni_yaml", typename="ats:config"),
+tr.Disk.sni_yaml.AddLines([
'- fqdn: bar.com',
" tunnel_route: localhost:{0}".format(server_bar.Variables.SSL_Port),
])
@@ -151,11 +151,11 @@ trreload.Processes.Default.Env = ts.Env
trreload.Processes.Default.ReturnCode = 0
# Parking this as a ready tester on a meaningless process
-# Stall the test runs until the ssl_server_name reload has completed
-# At that point the new ssl_server_name settings are ready to go
-def ssl_server_name_reload_done(tsenv):
+# Stall the test runs until the sni reload has completed
+# At that point the new sni settings are ready to go
+def sni_reload_done(tsenv):
def done_reload(process, hasRunFor, **kw):
- cmd = "grep 'ssl_server_name.yaml finished loading' {0} | wc -l >
{1}/test.out".format(ts.Disk.diags_log.Name, Test.RunDirectory)
+ cmd = "grep 'sni.yaml finished loading' {0} | wc -l >
{1}/test.out".format(ts.Disk.diags_log.Name, Test.RunDirectory)
retval = subprocess.run(cmd, shell=True, env=tsenv)
if retval.returncode == 0:
cmd ="if [ -f {0}/test.out -a \"`cat {0}/test.out`\" = \"2\" ] ; then
true; else false; fi".format(Test.RunDirectory)
@@ -167,8 +167,8 @@ def ssl_server_name_reload_done(tsenv):
# Should termimate on traffic_server (not tunnel)
tr = Test.AddTestRun("foo.com no Tunnel-test")
tr.StillRunningAfter = ts
-# Wait for the reload to complete by running the ssl_server_name_reload_done
test
-tr.Processes.Default.StartBefore(server2,
ready=ssl_server_name_reload_done(ts.Env))
+# Wait for the reload to complete by running the sni_reload_done test
+tr.Processes.Default.StartBefore(server2, ready=sni_reload_done(ts.Env))
tr.Processes.Default.Command = "curl -v --resolve 'foo.com:{0}:127.0.0.1' -k
https://foo.com:{0}".format(ts.Variables.ssl_port)
tr.Processes.Default.Streams.All += Testers.ContainsExpression("Not Found on
Accelerato", "Terminates on on Traffic Server")
tr.Processes.Default.Streams.All += Testers.ContainsExpression("ATS",
"Terminate on Traffic Server")
diff --git a/tests/gold_tests/tls/tls_tunnel_forward.test.py
b/tests/gold_tests/tls/tls_tunnel_forward.test.py
index f72d105..c7bb6d6 100644
--- a/tests/gold_tests/tls/tls_tunnel_forward.test.py
+++ b/tests/gold_tests/tls/tls_tunnel_forward.test.py
@@ -49,7 +49,7 @@ ts.addSSLfile("ssl/signer.key")
ts.Variables.ssl_port = 4443
-# Need no remap rules. Everything should be proccessed by ssl_server_name
+# Need no remap rules. Everything should be proccessed by sni
# Make sure the TS server certs are different from the origin certs
ts.Disk.ssl_multicert_config.AddLine(
@@ -73,7 +73,7 @@ ts.Disk.records_config.update({
# foo.com should not terminate. Just tunnel to server_foo
# bar.com should terminate. Forward its tcp stream to server_bar
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
"- fqdn: 'foo.com'",
" tunnel_route: 'localhost:{0}'".format(server_foo.Variables.SSL_Port),
"- fqdn: 'bar.com'",
diff --git a/tests/gold_tests/tls/tls_tunnel_plugin_rename.test.py
b/tests/gold_tests/tls/tls_tunnel_plugin_rename.test.py
index 1da7aa2..fa5640b 100644
--- a/tests/gold_tests/tls/tls_tunnel_plugin_rename.test.py
+++ b/tests/gold_tests/tls/tls_tunnel_plugin_rename.test.py
@@ -47,7 +47,7 @@ ts.addSSLfile("ssl/signer.key")
ts.Variables.ssl_port = 4443
-# Need no remap rules. Everything should be proccessed by ssl_server_name
+# Need no remap rules. Everything should be proccessed by sni
# Make sure the TS server certs are different from the origin certs
ts.Disk.ssl_multicert_config.AddLine(
@@ -72,7 +72,7 @@ ts.Disk.records_config.update({
# bar.com should terminate.
# empty should tunnel to server_random (should not happen)
# newname should tunnel to server_bar
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
"- fqdn: newname",
" tunnel_route: localhost:{0}".format(server_bar.Variables.SSL_Port),
"- fqdn: ''", #default case
diff --git a/tests/gold_tests/tls/tls_verify.test.py
b/tests/gold_tests/tls/tls_verify.test.py
index cd68ff8..ba2f3ed 100644
--- a/tests/gold_tests/tls/tls_verify.test.py
+++ b/tests/gold_tests/tls/tls_verify.test.py
@@ -88,7 +88,7 @@ ts.Disk.records_config.update({
'proxy.config.url_remap.pristine_host_hdr': 1
})
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bar.com',
' verify_server_policy: ENFORCED',
' verify_server_properties: ALL',
diff --git a/tests/gold_tests/tls/tls_verify2.test.py
b/tests/gold_tests/tls/tls_verify2.test.py
index 1dd8b31..1752f63 100644
--- a/tests/gold_tests/tls/tls_verify2.test.py
+++ b/tests/gold_tests/tls/tls_verify2.test.py
@@ -80,21 +80,21 @@ ts.Disk.records_config.update({
'proxy.config.url_remap.pristine_host_hdr': 1
})
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
'- fqdn: bar.com')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' verify_server_policy: PERMISSIVE')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' verify_server_properties: SIGNATURE')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
'- fqdn: bad_bar.com')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' verify_server_policy: PERMISSIVE')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' verify_server_properties: SIGNATURE')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
'- fqdn: random.com')
-ts.Disk.ssl_server_name_yaml.AddLine(
+ts.Disk.sni_yaml.AddLine(
' verify_server_policy: DISABLED')
tr = Test.AddTestRun("default-enforce")
diff --git a/tests/gold_tests/tls/tls_verify3.test.py
b/tests/gold_tests/tls/tls_verify3.test.py
index 9fc6d61..ec7df52 100644
--- a/tests/gold_tests/tls/tls_verify3.test.py
+++ b/tests/gold_tests/tls/tls_verify3.test.py
@@ -80,7 +80,7 @@ ts.Disk.records_config.update({
'proxy.config.url_remap.pristine_host_hdr': 1
})
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bob.bar.com',
' verify_server_policy: ENFORCED',
' verify_server_properties: ALL',
diff --git a/tests/gold_tests/tls/tls_verify_base.test.py
b/tests/gold_tests/tls/tls_verify_base.test.py
index 19ddc95..3bdfdd1 100644
--- a/tests/gold_tests/tls/tls_verify_base.test.py
+++ b/tests/gold_tests/tls/tls_verify_base.test.py
@@ -80,7 +80,7 @@ ts.Disk.records_config.update({
'proxy.config.ssl.client.sni_policy': 'host'
})
-ts.Disk.ssl_server_name_yaml.AddLines([
+ts.Disk.sni_yaml.AddLines([
'- fqdn: bar.com',
' verify_server_policy: ENFORCED',
' verify_server_properties: ALL',
