[ovs-dev] [PATCH 1/2] ovs-monitor-ipsec: Various minor cleanups

Justin Pettit jpettit at nicira.com
Wed Dec 29 00:31:40 UTC 2010


On Dec 28, 2010, at 4:12 PM, Ben Pfaff wrote:

> On Tue, Dec 28, 2010 at 04:07:29PM -0800, Justin Pettit wrote:
>> A few minor cleanups:
>> 
>>    - Clean out stale peer certs from previous runs
>>    - Weakly attempt to verify that a certificate is valid, since Racoon
>>      will refuse to start if it's not.
>>    - Restart racoon if it can't be reloaded, since it's temperamental
>> 
>> If these changes look good, I'll roll them into the commit that adds
>> support for certificates, since it hasn't been pushed yet.
> 
> The only question I have is whether the code that cleans out stale peer
> certs should catch, log, and ignore errors.  How bad is it if some files
> can't be deleted?  (What if someone created a subdirectory in the
> directory that holds peer certs, or if there is a permissions problem?)


Good thought.  I added a try/except block to handle that case and pushed.

Thanks for the quick review.

--Justin






More information about the dev mailing list