testing http2 on tyk

TykTechnologies · Jan 24, 2018 · c6b6b9f · c6b6b9f
1 parent f415562
commit c6b6b9f
Show file tree

Hide file tree

Showing 5 changed files with 109 additions and 1 deletion.
diff --git a/cert_test.go b/cert_test.go
@@ -640,3 +640,30 @@ func TestCipherSuites(t *testing.T) {
 		ts.Run(t, test.TestCase{Client: client, Path: "/", ErrorMatch: "tls: handshake failure"})
 	})
 }
+
+func TestHttp2(t *testing.T) {
+	//configure server so we can useSSL and utilize the logic, but skip verification in the clients
+	_, _, combinedPEM, _ := genServerCertificate()
+	serverCertID, _ := CertificateManager.Add(combinedPEM, "")
+	defer CertificateManager.Delete(serverCertID)
+
+	config.Global.HttpServerOptions.UseSSL = true
+	config.Global.HttpServerOptions.SSLCertificates = []string{serverCertID}
+	config.Global.HttpServerOptions.UseHttp2 = true
+
+	defer resetTestConfig()
+
+	ts := newTykTestServer()
+	defer ts.Close()
+
+	buildAndLoadAPI(func(spec *APISpec) {
+		spec.Proxy.ListenPath = "/"
+	})
+
+
+	t.Run("http2client", func(t *testing.T) {
+		client := getTLSClient(nil, nil)
+
+		ts.Run(t, test.TestCase{Client: client, Path: "/"})
+	})
+}
diff --git a/config/config.go b/config/config.go
@@ -128,6 +128,7 @@ type HttpServerOptionsConfig struct {
 	SkipURLCleaning        bool       `json:"skip_url_cleaning"`
 	SkipTargetPathEscaping bool       `json:"skip_target_path_escaping"`
 	Ciphers                []string   `json:"ssl_ciphers"`
+	UseHttp2               bool       `json:"use_http2"`
 }
 
 type AuthOverrideConf struct {

diff --git a/lint/schema.go b/lint/schema.go
@@ -352,6 +352,9 @@ const confSchema = `{
 					"type": "string"
 				}
 			},
+			"use_http2":{
+				"type": "boolean"
+			},
 			"ssl_ciphers":{
 				"type": ["array", "null"],
 				"items": {

diff --git a/main.go b/main.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	"golang.org/x/net/http2"
 	"crypto/tls"
 	"fmt"
 	"html/template"
@@ -1217,7 +1218,22 @@ func generateListener(listenPort int) (net.Listener, error) {
 		log.WithFields(logrus.Fields{
 			"prefix": "main",
 		}).Info("--> Using SSL (https)")
-
+		if config.Global.HttpServerOptions.UseHttp2{
+
+			tlsConfig := tls.Config{
+				GetCertificate:     dummyGetCertificate,
+				ServerName:         config.Global.HttpServerOptions.ServerName,
+				MinVersion:         config.Global.HttpServerOptions.MinVersion,
+				ClientAuth:         tls.RequestClientCert,
+				InsecureSkipVerify: config.Global.HttpServerOptions.SSLInsecureSkipVerify,
+				CipherSuites:       getCipherAliases([]string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}),
+				NextProtos:			[]string{http2.NextProtoTLS},
+			}
+
+			tlsConfig.GetConfigForClient = getTLSConfigForClient(&tlsConfig, listenPort)
+
+			return tls.Listen("tcp", targetPort, &tlsConfig)
+		}
 		tlsConfig := tls.Config{
 			GetCertificate:     dummyGetCertificate,
 			ServerName:         config.Global.HttpServerOptions.ServerName,

diff --git a/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go b/vendor/golang.org/x/net/internal/socket/zsys_darwin_arm64.go