(trafficserver) branch 10.1.x updated: Updated testing and fixed bug in SSLSNIConfig (#12248)

Tue, 27 May 2025 07:12:30 -0700 

This is an automated email from the ASF dual-hosted git repository.

cmcfarlen pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/10.1.x by this push:
     new d6bed95a0a Updated testing and fixed bug in SSLSNIConfig (#12248)
d6bed95a0a is described below

commit d6bed95a0a611705196d48bc8db175f40f20618d
Author: Bryan Call <[email protected]>
AuthorDate: Wed May 21 12:54:05 2025 -0700

    Updated testing and fixed bug in SSLSNIConfig (#12248)
    
    (cherry picked from commit 4d12805948ce7eab939a4fce0ca922eaacec5c25)
---
 src/iocore/net/SSLSNIConfig.cc                  |  1 +
 src/iocore/net/unit_tests/sni_conf_test.yaml    | 13 ++++
 src/iocore/net/unit_tests/test_SSLSNIConfig.cc  | 80 +++++++++++++++++++++----
 src/iocore/net/unit_tests/test_YamlSNIConfig.cc |  2 +-
 4 files changed, 83 insertions(+), 13 deletions(-)

diff --git a/src/iocore/net/SSLSNIConfig.cc b/src/iocore/net/SSLSNIConfig.cc
index 19b631e782..bbac57eb6f 100644
--- a/src/iocore/net/SSLSNIConfig.cc
+++ b/src/iocore/net/SSLSNIConfig.cc
@@ -77,6 +77,7 @@ NamedElement::operator=(NamedElement &&other)
   if (this != &other) {
     match               = std::move(other.match);
     inbound_port_ranges = std::move(other.inbound_port_ranges);
+    rank                = other.rank;
   }
   return *this;
 }
diff --git a/src/iocore/net/unit_tests/sni_conf_test.yaml 
b/src/iocore/net/unit_tests/sni_conf_test.yaml
index d8b264a503..2f7a1dedc3 100644
--- a/src/iocore/net/unit_tests/sni_conf_test.yaml
+++ b/src/iocore/net/unit_tests/sni_conf_test.yaml
@@ -36,3 +36,16 @@ sni:
   http2_buffer_water_mark: 256
 - fqdn: foo.bar.com
   http2: false
+
+# test with mixed-case
+- fqdn: "MiXeDcAsE.foo.com"
+  http2: true
+  http2_buffer_water_mark: 256
+  inbound_port_ranges: 31337
+
+# test with mixed-case glob
+- fqdn: "*.MiXeDcAsE.com"
+  http2: false
+
+# test glob in the middle, this will be an exact match
+- fqdn: "cat.*.com"
diff --git a/src/iocore/net/unit_tests/test_SSLSNIConfig.cc 
b/src/iocore/net/unit_tests/test_SSLSNIConfig.cc
index e04cd7837b..001e211565 100644
--- a/src/iocore/net/unit_tests/test_SSLSNIConfig.cc
+++ b/src/iocore/net/unit_tests/test_SSLSNIConfig.cc
@@ -41,78 +41,134 @@ TEST_CASE("Test SSLSNIConfig")
 
   SECTION("The config does not match any SNIs for someport.com:577")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 577)};
+    auto const &actions{params.get("someport.com", 577)};
     CHECK(!actions.first);
   }
 
   SECTION("The config does not match any SNIs for someport.com:808")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 808)};
+    auto const &actions{params.get("someport.com", 808)};
     CHECK(!actions.first);
   }
 
   SECTION("The config does not match any SNIs for oneport.com:1")
   {
-    auto const &actions{params.get({"oneport.com", 
std::strlen("oneport.com")}, 1)};
+    auto const &actions{params.get("oneport.com", 1)};
     CHECK(!actions.first);
   }
 
   SECTION("The config does match an SNI for oneport.com:433")
   {
-    auto const &actions{params.get({"oneport.com", 
std::strlen("oneport.com")}, 433)};
+    auto const &actions{params.get("oneport.com", 433)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 2);
   }
 
   SECTION("The config matches an SNI for allports.com")
   {
-    auto const &actions{params.get({"allports.com", 
std::strlen("allports.com")}, 1)};
+    auto const &actions{params.get("allports.com", 1)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 2);
   }
 
   SECTION("The config matches an SNI for someport.com:1")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 1)};
+    auto const &actions{params.get("someport.com", 1)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 3);
   }
 
   SECTION("The config matches an SNI for someport.com:433")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 433)};
+    auto const &actions{params.get("someport.com", 433)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 3);
   }
 
   SECTION("The config matches an SNI for someport:8080")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 8080)};
+    auto const &actions{params.get("someport.com", 8080)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 2);
   }
 
   SECTION("The config matches an SNI for someport:65535")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 65535)};
+    auto const &actions{params.get("someport.com", 65535)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 2);
   }
 
   SECTION("The config matches an SNI for someport:482")
   {
-    auto const &actions{params.get({"someport.com", 
std::strlen("someport.com")}, 482)};
+    auto const &actions{params.get("someport.com", 482)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 3);
   }
 
   SECTION("Matching order")
   {
-    std::string_view target = "foo.bar.com";
-    auto const      &actions{params.get(target, 443)};
+    auto const &actions{params.get("foo.bar.com", 443)};
     REQUIRE(actions.first);
     REQUIRE(actions.first->size() == 5); ///< three H2 config + early data + 
fqdn
   }
+
+  SECTION("Test mixed-case")
+  {
+    auto const &actions{params.get("SoMePoRt.CoM", 65535)};
+    REQUIRE(actions.first);
+    REQUIRE(actions.first->size() == 2);
+  }
+
+  SECTION("Test mixed-case with wildcard in yaml config")
+  {
+    auto const &actions{params.get("AnYtHiNg.BaR.CoM", 443)};
+    REQUIRE(actions.first);
+    REQUIRE(actions.first->size() == 4);
+    // verify the capture group
+    REQUIRE(actions.second._fqdn_wildcard_captured_groups->at(0) == 
"AnYtHiNg");
+  }
+
+  SECTION("Test mixed-case in yaml config")
+  {
+    auto const &actions{params.get("mixedcase.foo.com", 31337)};
+    REQUIRE(actions.first);
+    REQUIRE(actions.first->size() == 4);
+  }
+
+  SECTION("Test mixed-case glob in yaml config")
+  {
+    auto const &actions{params.get("FoO.mixedcase.com", 443)};
+    REQUIRE(actions.first);
+    REQUIRE(actions.first->size() == 3);
+    // verify the capture group
+    REQUIRE(actions.second._fqdn_wildcard_captured_groups->at(0) == "FoO");
+  }
+
+  SECTION("Test empty SNI does not match")
+  {
+    auto const &actions{params.get("", 443)};
+    CHECK(!actions.first);
+  }
+
+  SECTION("Test SNI with special characters does not match")
+  {
+    auto const &actions{params.get("some$port.com", 443)};
+    CHECK(!actions.first);
+  }
+
+  SECTION("Test with invalid glob in the middle in yaml config (e.g. 
cat.*.com) does not match")
+  {
+    auto const &actions{params.get("cat.dog.com", 443)};
+    REQUIRE(!actions.first);
+  }
+
+  SECTION("Test with invalid glob in the middle in yaml config (e.g. 
cat.*.com) does an exact match")
+  {
+    auto const &actions{params.get("cat.*.com", 443)};
+    REQUIRE(actions.first);
+    REQUIRE(actions.first->size() == 2);
+  }
 }
 
 TEST_CASE("SNIConfig reconfigure callback is invoked")
diff --git a/src/iocore/net/unit_tests/test_YamlSNIConfig.cc 
b/src/iocore/net/unit_tests/test_YamlSNIConfig.cc
index e461ebe39b..cbd83c2eb7 100644
--- a/src/iocore/net/unit_tests/test_YamlSNIConfig.cc
+++ b/src/iocore/net/unit_tests/test_YamlSNIConfig.cc
@@ -55,7 +55,7 @@ TEST_CASE("YamlSNIConfig sets port ranges appropriately")
     FAIL(errorstream.str());
   }
   REQUIRE(zret.is_ok());
-  REQUIRE(conf.items.size() == 7);
+  REQUIRE(conf.items.size() == 10);
 
   SECTION("If no ports were specified, port range should contain all ports.")
   {

Reply via email to