aws
ci(nix): Startup/configure apache for renegotiate test under nix
Resolved issues:
Partial for #3841
Description of changes:
This PR adds an Apache configuration and startup for the nix devShell, so the integration test renegotiate_apache will pass.
Call-outs:
Apache modules and configuration are somewhat distribution specific, in our current CI setup, the expected layout is from Ubuntu18's apache2 setup. Trying to configure the nix httpd with same configs won't work. Initially, I tried just "patching" them, but that is fragile, complex, and will break with underlying changes.
Testing:
[nix awslc] dougch:~/gitrepos/s2n-tls$ apache2_start
[nix awslc] dougch:~/gitrepos/s2n-tls$ curl -Sk https://localhost:7777/
<html>
<head>
<title>Renegotiation Testing Server</title>
</head>
<body>
<p>Welcome to the s2n renegotiation testing server! See the following endpoints:</p>
<ul>
<li>
<a href="/change_cipher_suite">/change_cipher_suite</a> forces a renegotiation by changing the negotiated
cipher suite to AES-128-SHA.
</li>
<li>
<a href="/mutual_auth">/mutual_auth</a> forces a renegotiation by enforcing mutual authentication.
</li>
</ul>
</body>
</html>
Adhoc codebuild job of just the renegotiate_apache test
How is this change tested (unit tests, fuzz tests, etc.)? locally, CI
Is this a refactor change? If so, how have you proved that the intended behavior hasn't changed?
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
If apache configuration is distribution specific, and can't be run with nix without a lot of assumptions, what is the benefit of running it with nix? Would another option be to just run apache in our ubuntu18 CI before running the renegotiate test with nix? If apache can only be run with nix on ubuntu18 anyway, I don't see much of a difference.
We discussed this offline. I was confused - the ubuntu18 configuration was used, but this should work with other environments using nix as well.
