10.2: Proxy Verifier: use concise stack protocol specification (#13003)#13016
Merged
cmcfarlen merged 1 commit intoapache:10.2.xfrom Mar 24, 2026
Merged
10.2: Proxy Verifier: use concise stack protocol specification (#13003)#13016cmcfarlen merged 1 commit intoapache:10.2.xfrom
cmcfarlen merged 1 commit intoapache:10.2.xfrom
Conversation
Proxy Verifier v3.0.0 has a more concise `stack` configurable for `protocol` specification. This makes use of that over the more verbose full `protocol` sequence. (cherry picked from commit 3e5eff6)
bneradt
changed the title
Contributor
There was a problem hiding this comment.
Pull request overview
Updates gold test Proxy Verifier replay YAML files to use Proxy Verifier v3.0.0’s concise protocol.stack syntax (and per-protocol subkeys like tls: / proxy-protocol:) instead of the verbose explicit protocol sequence list.
Changes:
- Replace
protocol: [ {name: ...}, ... ]/protocol: - name: ...sequences withprotocol: { stack: <...>, ... }across many replay files. - Move TLS settings (e.g.,
sni) underprotocol.tlswhen usingstack. - Normalize several replay files to the same concise protocol-spec pattern for HTTP/1.1, HTTP/2, and HTTP/3 scenarios.
Reviewed changes
Copilot reviewed 97 out of 97 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| tests/gold_tests/tls/tls_sni_with_port.replay.yaml | Switch to protocol.stack: https and move SNI under protocol.tls. |
| tests/gold_tests/tls/tls_session_key_logging.replay.yaml | Replace explicit protocol list with protocol.stack: https. |
| tests/gold_tests/tls/tls_client_alpn_configuration.replay.yaml | Use stack: https and stack: http2 with tls.sni blocks. |
| tests/gold_tests/tls/replay/ip_allow_tunnel.replay.yaml | Use protocol.stack: https plus tls.sni for SNI-based cases. |
| tests/gold_tests/tls/replay/ip_allow_proxy.replay.yaml | Use stack: http2 plus tls and proxy-protocol blocks. |
| tests/gold_tests/tls/replay/ip_allow.replay.yaml | Replace explicit HTTP/2+TLS stack list with stack: http2 and tls.sni. |
| tests/gold_tests/timeout/slow_server.yaml | Convert inline protocol arrays to protocol.stack for https/http2 sessions. |
| tests/gold_tests/timeout/replay/quic_no_activity_timeout.replay.yaml | Replace explicit HTTP/3 stack list with stack: http3 and tls.sni. |
| tests/gold_tests/timeout/replay/http2_no_activity_timeout.replay.yaml | Replace explicit HTTP/2 stack list with stack: http2 and tls.sni. |
| tests/gold_tests/remap/remap_acl_get_post_denied.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/remap/remap_acl_get_post_allowed_pp.replay.yaml | Use stack: http and move proxy protocol config under protocol.proxy-protocol. |
| tests/gold_tests/remap/remap_acl_get_post_allowed.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/remap/remap_acl_get_allowed.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/remap/remap_acl_all_denied.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/remap/remap_acl_all_allowed.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/remap/deny_head_post.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/remap/base.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/redirect/replay/redirect_to_same_origin_on_cache.replay.yaml | Replace explicit HTTP protocol sequence with stack: http. |
| tests/gold_tests/proxy_protocol/replay/proxy_protocol_out.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/proxy_protocol/replay/proxy_protocol_in.replay.yaml | Use stack: http/https and concise proxy-protocol configuration. |
| tests/gold_tests/pluginTest/txn_box/static_file/static_file.replay.yaml | Replace minimal protocol entries with protocol.stack: http for sessions. |
| tests/gold_tests/pluginTest/txn_box/smoke/smoke.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/smoke/smoke-2.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/remap/remap-base.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/ramp/ramp.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/ramp/multi-ramp.replay.yaml | Replace minimal protocol entries with protocol.stack: https. |
| tests/gold_tests/pluginTest/txn_box/prod/yts-3489.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/vznith-1.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/stanley.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/query.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/query-delete.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/mTLS-bravo.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/txn_box/prod/mTLS-alpha.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/txn_box/prod/ip-acl.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/cors-referrer.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/prod/cors-origin.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/example/accept-encoding.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/ct_header/ct_header.replay.yaml | Use stack: http / stack: https for non-TLS/TLS sessions. |
| tests/gold_tests/pluginTest/txn_box/basic/with.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/txn_open_3.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/txn_open_2.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/txn_open_1.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/txn-error.replay.yaml | Replace minimal protocol entries with protocol.stack: http across sessions. |
| tests/gold_tests/pluginTest/txn_box/basic/tuple.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/tls.replay.yaml | Use stack: http for plaintext and stack: https for TLS session. |
| tests/gold_tests/pluginTest/txn_box/basic/tls-cert.replay.yaml | Use stack: https + tls.sni and stack: http for follow-up session. |
| tests/gold_tests/pluginTest/txn_box/basic/stat.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/rxp.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/reply.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/redirect.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/multi-cfg.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/mod.replay.yaml | Replace minimal protocol entries with protocol.stack: http for sessions. |
| tests/gold_tests/pluginTest/txn_box/basic/ip-addr.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/cmp.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/txn_box/basic/basic.replay.yaml | Replace minimal protocol entries with protocol.stack: http. |
| tests/gold_tests/pluginTest/transform/transaction-with-body.replays.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/traffic_dump/replay/various_sni.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/traffic_dump/replay/traffic_dump.yaml | Convert protocol arrays to stack + tls.sni where applicable. |
| tests/gold_tests/pluginTest/traffic_dump/replay/response_body.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/traffic_dump/replay/http3.yaml | Use stack: http3 and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/multiplexer/replays/multiplexer_original_skip_post.replay.yaml | Replace explicit protocol sequence with stack: https. |
| tests/gold_tests/pluginTest/multiplexer/replays/multiplexer_original.replay.yaml | Replace explicit protocol sequence with stack: https. |
| tests/gold_tests/pluginTest/multiplexer/replays/multiplexer_copy_skip_post.replay.yaml | Replace explicit protocol sequence with stack: https. |
| tests/gold_tests/pluginTest/multiplexer/replays/multiplexer_copy.replay.yaml | Replace explicit protocol sequence with stack: https. |
| tests/gold_tests/pluginTest/ja4_fingerprint/ja4_fingerprint.replay.yaml | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/pluginTest/ja3_fingerprint/ja3_fingerprint_remap.replay.yaml | Use stack: https / stack: http2 with tls.sni. |
| tests/gold_tests/pluginTest/ja3_fingerprint/ja3_fingerprint_global.replay.yaml | Use stack: https / stack: http2 with tls.sni. |
| tests/gold_tests/pluginTest/certifier/replays/https.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/pluginTest/certifier/replays/https-two-sessions.replay.yaml | Use stack: https and move SNI under protocol.tls for both sessions. |
| tests/gold_tests/pluginTest/cache_promote/replay/cache_promote.replay.yaml.tmpl | Replace explicit HTTP/1 protocol sequence with stack: http. |
| tests/gold_tests/pluginTest/access_control/replays/access_control.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/logging/replay/basic1.replay.yaml | Use stack: http3 and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/https_multiple_methods.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/https_categories_server.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/https_categories_internal.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/https_categories_external_remap.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/https_categories_external.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/https_categories_all.replay.yaml | Use stack: https and move SNI under protocol.tls. |
| tests/gold_tests/ip_allow/replays/http_proxy_protocol.replay.yaml | Use stack: http and move proxy protocol config under protocol.proxy-protocol. |
| tests/gold_tests/ip_allow/replays/h3.replay.yaml | Use stack: http3 and move SNI under protocol.tls. |
| tests/gold_tests/h3/replays/h3_sni.replay.yaml | Use stack: http3 and move SNI under protocol.tls (and omit when needed). |
| tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_server_after_headers.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_headers.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/replay_rst_stream/http2_rst_stream_client_after_data.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/replay_h2origin/h2-origin.yaml | Use stack: http2 and convert nested proxy-request protocol blocks to stack + tls. |
| tests/gold_tests/h2/replay_h2origin/h1-client-h2-origin.yaml | Use stack: https and convert nested proxy-request protocol blocks to stack + tls. |
| tests/gold_tests/h2/replay/http2_concurrent_streams.replay.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/http2_flow_control_chunked.replay.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/http2_flow_control.replay.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/http2_close_connection.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/h2get_with_body.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/h2/expect_100_continue.yaml | Use stack: http2 and move TLS settings under protocol.tls. |
| tests/gold_tests/connect/replays/connect_h2.replay.yaml | Use stack: http2 and move SNI under protocol.tls. |
| tests/gold_tests/client_connection/https_slow_origins.replay.yaml | Use stack: https and move SNI under protocol.tls for all sessions. |
| tests/gold_tests/client_connection/http2_slow_origins.replay.yaml | Use stack: http2 and move SNI under protocol.tls for all sessions. |
| tests/gold_tests/chunked_encoding/replays/chunked.replay.yaml | Replace explicit HTTP+TLS stack list with stack: https. |
| tests/gold_tests/cache/replay/bg_fill.yaml | Use stack: http2 and move SNI under protocol.tls for sessions. |
Comment on lines
178
to
+179
| # not sending Proxy Protcol | ||
| - name: tcp | ||
| - name: ip | ||
|
|
||
| stack: http |
There was a problem hiding this comment.
Spelling: comment says "Proxy Protcol"; should be "Proxy Protocol".
Comment on lines
207
to
+208
| # not sending Proxy Protcol | ||
| - name: tcp | ||
| - name: ip | ||
|
|
||
| stack: https |
There was a problem hiding this comment.
Spelling: comment says "Proxy Protcol"; should be "Proxy Protocol".
Comment on lines
138
to
140
| # Test 3: Incoming PROXY Protocol v1 on TCP port, with arbitrary source and | ||
| # destination address in PROXY message | ||
| - protocol: |
There was a problem hiding this comment.
The test case numbering in comments is inconsistent: after "Test 4" above, this section is labeled "Test 3". Please renumber these headings so they remain sequential (and update subsequent Test 4/Test 5 headings accordingly) to avoid confusion when reading failures.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Proxy Verifier v3.0.0 has a more concise
stackconfigurable forprotocolspecification. This makes use of that over the more verbose fullprotocolsequence.(cherry picked from commit 3e5eff6)