Make the decryption VTCs more robust.

c977e2b6 · Geoff Simmons · 1c7af995 · c977e2b6 · c977e2b6
Commit c977e2b6 authored Nov 13, 2019 by Geoff Simmons
Hide whitespace changes
Inline Side-by-side

Showing with 18 additions and 1 deletion

decrypt.vtc src/tests/decrypt.vtc +14 -1

decrypter.vtc src/tests/decrypter.vtc +4 -0

No files found.
--- a/src/tests/decrypt.vtc
+++ b/src/tests/decrypt.vtc
@@ -371,7 +371,20 @@ varnish v1 -expect ECE.vfp.ece_decrypt.calls >= 11
 varnish v1 -expect ECE.vfp.ece_decrypt.errs == 8

 server s1 -wait
-server s1 -start
+
+# Set to non_fatal because Varnish may reset the connection after
+# the key not found error, before the full response is sent.
+server s1 {
+	non_fatal
+	rxreq
+	txresp -nolen -hdr "Content-Encoding: aes128gcm" \
+	    -hdr "Content-Length: 53"
+	sendhex "23 50 6c c6 d1 6d b6 5b f7 bb f3 a8 f7 8c 67 9b"
+	sendhex "00 00 10 00 00 f8 d0 15 b9 bd aa 16 00 44 b9 02"
+	sendhex "91 6a 9a 19 bb e2 31 90 8b da dc c1 01 d4 f0 fe"
+	sendhex "97 2f 13 86 38"
+} -start
+

 # Delete the key, so as to provoke a key not found error.
 varnish v1 -vcl+backend {

--- a/src/tests/decrypter.vtc
+++ b/src/tests/decrypter.vtc
@@ -174,7 +174,11 @@ varnish v1 -expect ECE.vfp.vcl3.maxrs0.in == 126
 varnish v1 -expect ECE.vfp.vcl3.maxrs0.out == 30

 server s1 -wait
+
+# Set to non_fatal because Varnish may rest the connection after
+# rejecting the record size, before the full response is set.
 server s1 {
+	non_fatal
 	rxreq
 	txresp -nolen -hdr "Content-Encoding: aes128gcm" \
 	    -hdr "Content-Length: 53"