[ovs-git] [openvswitch/ovs] 3d5b9d: ovs-vsctl.at: Correct title of SSL test.

GitHub noreply at github.com
Fri Sep 18 19:50:34 UTC 2015


  Branch: refs/heads/master
  Home:   https://github.com/openvswitch/ovs
  Commit: 3d5b9d7843e9cf9ed7cc865ea10701cb186798d5
      https://github.com/openvswitch/ovs/commit/3d5b9d7843e9cf9ed7cc865ea10701cb186798d5
  Author: Gurucharan Shetty <gshetty at nicira.com>
  Date:   2015-09-18 (Fri, 18 Sep 2015)

  Changed paths:
    M tests/ovs-vsctl.at

  Log Message:
  -----------
  ovs-vsctl.at: Correct title of SSL test.

The test claimed to test peer-ca-cert functionality. But the
certificate provided via --peer-ca-cert was not actually sent
to the peer for bootstrapping. The bootstrapping was successful
because cert provided via --certificate was self-signed. Since the test
was not really testing the --peer-ca-cert functionality, change
the name of the test. We do not have any tests for bootstrapping,
so this test is still useful.

Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>


  Commit: 1b494f3e2395b8df1df4e3302b423ec3cf77963e
      https://github.com/openvswitch/ovs/commit/1b494f3e2395b8df1df4e3302b423ec3cf77963e
  Author: Gurucharan Shetty <gshetty at nicira.com>
  Date:   2015-09-18 (Fri, 18 Sep 2015)

  Changed paths:
    M lib/stream-ssl.c
    M tests/ovs-vsctl.at

  Log Message:
  -----------
  stream-ssl: Get peer-ca-cert functionality to work.

When --certificate option is provided, we currently use
SSL_CTX_use_certificate_chain_file() function to add
that certificate. If our single certificate file had multiple
certificates (as a chain), all of them would get added and sent
to the remote peer. But once you call
SSL_CTX_use_certificate_chain_file(), any future calls to
SSL_CTX_add_extra_chain_cert() (called when --peer-ca-cert option
is used) had no effect.

Since our man pages and INSTALL.SSL.md say that --certificate
is used to specify one certificate and additional certificates
are sent via --peer-ca-cert, this commit changes
SSL_CTX_use_certificate_chain_file() use to
SSL_CTX_use_certificate_file(). With this, additional certificates
can now be added via --peer-ca-cert option.

The test case added with this commit would fail without the
above changes.

Signed-off-by: Gurucharan Shetty <gshetty at nicira.com>
Acked-by: Ben Pfaff <blp at nicira.com>


Compare: https://github.com/openvswitch/ovs/compare/b113e510aad5...1b494f3e2395
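
After the second commit, SSL_CTX_use_certificate_file() loads only the first certificate in the --certificate file, so any further certificates in that file are no longer sent and have to be supplied via --peer-ca-cert. The check below is an added example, not part of the commit or of Open vSwitch, that lists which blocks of such a file are affected; the function names and the sample PEM data (placeholder bytes, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block and captures its base64 body.
# Private-key or other PEM blocks in the same file are ignored.
PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

def split_pem_certs(pem_text):
    """Return the decoded bytes of every CERTIFICATE block, in file order."""
    ders = []
    for match in PEM_CERT.finditer(pem_text):
        body = "".join(match.group(1).split())  # drop line breaks
        ders.append(base64.b64decode(body, validate=True))
    return ders

def audit_certificate_file(pem_text):
    """Classify the blocks of a file intended for --certificate.

    SSL_CTX_use_certificate_file() loads only the first certificate, so
    every later block is not sent and belongs in --peer-ca-cert.
    """
    ders = split_pem_certs(pem_text)
    if not ders:
        raise ValueError("no CERTIFICATE block found")
    fingerprints = [hashlib.sha256(d).hexdigest() for d in ders]
    return {"loaded": fingerprints[0], "not_loaded": fingerprints[1:]}

def make_pem(der):
    """Wrap bytes in PEM armor (only used to build the constructed sample)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    body = "\n".join(lines)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes stand in for real DER certificates.
SAMPLE_LEAF = b"constructed-leaf-certificate" * 4
SAMPLE_CA = b"constructed-ca-certificate" * 4
SAMPLE_CHAIN_FILE = make_pem(SAMPLE_LEAF) + make_pem(SAMPLE_CA)

if __name__ == "__main__":
    report = audit_certificate_file(SAMPLE_CHAIN_FILE)
    print("loaded from --certificate:", report["loaded"])
    for fp in report["not_loaded"]:
        print("not sent, move to --peer-ca-cert:", fp)
```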

