Merge "Terminate SSL connection only if VIP protocol is HTTPS and not…

… if VIP port is 443 Including the right header-file too."
Juniper · Mar 11, 2015 · e16b4f4 · e16b4f4
2 parents efbbe72 + 73f4de8
commit e16b4f4
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 7 deletions.
diff --git a/src/vnsw/agent/oper/loadbalancer_haproxy.cc b/src/vnsw/agent/oper/loadbalancer_haproxy.cc
@@ -102,7 +102,7 @@ void LoadbalancerHaproxy::GenerateFrontend(
     const autogen::VirtualIpType &vip = props.vip_properties();
     *out << string(4, ' ')
          << "bind " << vip.address << ":" << vip.protocol_port;
-    if (vip.protocol_port ==  LB_HAPROXY_SSL_PORT) {
+    if (vip.protocol ==  LB_HAPROXY_TERMINATION_PROTO) {
         *out << " ssl crt " <<
             agent_->params()->si_haproxy_ssl_cert_path();
     }

diff --git a/src/vnsw/agent/oper/loadbalancer_haproxy.h b/src/vnsw/agent/oper/loadbalancer_haproxy.h
@@ -9,6 +9,7 @@
 #include "base/util.h"
 
 #define LB_HAPROXY_SSL_PORT 443
+#define LB_HAPROXY_TERMINATION_PROTO "HTTPS"
 
 class LoadbalancerProperties;
 class Agent;

diff --git a/src/vnsw/agent/oper/test/loadbalancer_haproxy_test.cc b/src/vnsw/agent/oper/test/loadbalancer_haproxy_test.cc
@@ -128,19 +128,19 @@ TEST_F(LoadbalancerHaproxyTest, GenerateConfig_with_SSL_Monitor) {
     props.set_vip_uuid(gen());
 
     autogen::LoadbalancerPoolType pool_attr;
-    pool_attr.protocol = "HTTP";
+    pool_attr.protocol = "TCP";
     props.set_pool_properties(pool_attr);
 
     autogen::VirtualIpType vip_attr;
     vip_attr.address = "127.0.0.1";
-    vip_attr.protocol = "HTTP";
-    vip_attr.protocol_port = 80;
+    vip_attr.protocol = "TCP";
+    vip_attr.protocol_port = 443;
     vip_attr.connection_limit = 100;
     props.set_vip_properties(vip_attr);
 
     autogen::LoadbalancerMemberType member;
     member.address = "127.0.0.2";
-    member.protocol_port = 80;
+    member.protocol_port = 443;
     member.weight = 10;
     props.members()->insert(std::make_pair(gen(), member));
 
@@ -160,9 +160,14 @@ TEST_F(LoadbalancerHaproxyTest, GenerateConfig_with_SSL_Monitor) {
     ifstream file(ss.str().c_str());
     if (file) {
         string file_str((istreambuf_iterator<char>(file)), istreambuf_iterator<char>());
-        string search_str = "ssl-hello-chk";
-        size_t found = file_str.find(search_str);
+        string search_str1 = "ssl-hello-chk";
+        string search_str2 = "ssl_cert";
+
+        size_t found = file_str.find(search_str1);
         EXPECT_NE(found, string::npos);
+
+        found = file_str.find(search_str2);
+        EXPECT_EQ(found, string::npos);
     }
 
     boost::system::error_code error;