[ovs-dev] [PATCH 1/2] ovs-monitor-ipsec: Various minor cleanups

Ben Pfaff blp at nicira.com
Wed Dec 29 00:12:25 UTC 2010


On Tue, Dec 28, 2010 at 04:07:29PM -0800, Justin Pettit wrote:
> A few minor cleanups:
> 
>     - Clean out stale peer certs from previous runs
>     - Weakly attempt to verify that a certificate is valid, since Racoon
>       will refuse to start if it's not.
>     - Restart racoon if it can't be reloaded, since it's temperamental
> 
> If these changes look good, I'll roll them into the commit that adds
> support for certificates, since it hasn't been pushed yet.

The only question I have is whether the code that cleans out stale peer
certs should catch, log, and ignore errors.  How bad is it if some files
can't be deleted?  (What if someone created a subdirectory in the
directory that holds peer certs, or if there is a permissions problem?)

Otherwise it looks OK to me.




More information about the dev mailing list