fix(proxy): use TLS to backends for terminate-and-reencrypt routes

2026-02-16 13:29:45 +00:00
parent 9fac17bc39
commit 101675b5f8
5 changed files with 95 additions and 6 deletions
--- a/rust/crates/rustproxy/tests/integration_http_proxy.rs
+++ b/rust/crates/rustproxy/tests/integration_http_proxy.rs
@@ -418,13 +418,17 @@ async fn test_terminate_and_reencrypt_http_routing() {
    let backend2_port = next_port();
    let proxy_port = next_port();

-    // Start plain HTTP echo backends (proxy terminates client TLS, connects plain to backend)
-    let _b1 = start_http_echo_backend(backend1_port, "alpha").await;
-    let _b2 = start_http_echo_backend(backend2_port, "beta").await;
-
    let (cert1, key1) = generate_self_signed_cert("alpha.example.com");
    let (cert2, key2) = generate_self_signed_cert("beta.example.com");

+    // Generate separate backend certs (backends are independent TLS servers)
+    let (backend_cert1, backend_key1) = generate_self_signed_cert("localhost");
+    let (backend_cert2, backend_key2) = generate_self_signed_cert("localhost");
+
+    // Start TLS HTTP echo backends (proxy re-encrypts to these)
+    let _b1 = start_tls_http_backend(backend1_port, "alpha", &backend_cert1, &backend_key1).await;
+    let _b2 = start_tls_http_backend(backend2_port, "beta", &backend_cert2, &backend_key2).await;
+
    // Create terminate-and-reencrypt routes
    let mut route1 = make_tls_terminate_route(
        proxy_port, "alpha.example.com", "127.0.0.1", backend1_port, &cert1, &key1,