From patchwork Fri Sep 11 16:32:55 2015
X-Patchwork-Submitter: Gurucharan Shetty
X-Patchwork-Id: 516908
From: Gurucharan Shetty
To: dev@openvswitch.org
Cc: Gurucharan Shetty
Date: Fri, 11 Sep 2015 09:32:55 -0700
Message-Id: <1441989176-17730-1-git-send-email-gshetty@nicira.com>
Subject: [ovs-dev] [PATCH 1/2 v2] ovs-vsctl.at: Correct title of SSL test.

The test claimed to test peer-ca-cert functionality. But the certificate provided via --peer-ca-cert was not actually sent to the peer for bootstrapping. The bootstrapping was successful because cert provided via --certificate was self-signed. Since the test was not really testing the --peer-ca-cert functionality, change the name of the test. We do not have any tests for bootstrapping, so this test is still useful.

Signed-off-by: Gurucharan Shetty
Acked-by: Ben Pfaff
---
 tests/ovs-vsctl.at | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at index f92544f..7664c89 100644 --- a/tests/ovs-vsctl.at +++ b/tests/ovs-vsctl.at 
@@ -1308,19 +1308,16 @@ AT_CHECK([RUN_OVS_VSCTL([get interface 0fcd11a1-2ba8-4b38-a358-4bccf2bf3057 type OVS_VSCTL_CLEANUP AT_CLEANUP -AT_SETUP([peer ca cert]) +AT_SETUP([bootstrap ca cert]) AT_KEYWORDS([ovs-vsctl ssl]) AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) PKIDIR=`pwd` OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log" -$OVS_PKI -B 1024 init && \ -$OVS_PKI -B 1024 req+sign vsctl switch && \ -$OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver +AT_CHECK([$OVS_PKI -B 1024 init && $OVS_PKI -B 1024 req+sign vsctl switch && $OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver], [0], [ignore], [ignore]) dnl Create database. -touch .conf.db.~lock~ -AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema]) -AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --peer-ca-cert=$PKIDIR/ovsdbserver-cert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore]) +OVSDB_INIT([conf.db]) +AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore]) on_exit "kill `cat pid`" SSL_PORT=`parse_listening_port < ovsdb-server.log` 
@@ -1329,5 +1326,11 @@ AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsct # If the bootstrap was successful, the following file should exist. OVS_WAIT_UNTIL([test -e $PKIDIR/cacert.pem]) + +# After bootstrap, the connection should be successful. +AT_CHECK([ovs-vsctl -t 5 --no-wait --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem add-br br0], [0]) +AT_CHECK([ovs-vsctl -t 5 --no-wait --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem list-br], [0], [br0 +]) + OVSDB_SERVER_SHUTDOWN AT_CLEANUP
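Review bot: In the first hunk (@@ -1308,19 +1308,16 @@), the ovsdb-server AT_CHECK drops --peer-ca-cert, but nothing in the test file records why bootstrapping still succeeds. The commit message says it works because the certificate passed via --certificate is self-signed; please add a dnl comment above the ovsdb-server line stating that the test depends on `$OVS_PKI self-sign ovsdbserver`, so the dependency is visible to whoever next touches the PKI setup. Separately, the four ovs-pki commands are now chained in one AT_CHECK with stdout and stderr set to [ignore], so a failure will not show which step failed; one AT_CHECK per command would make that easier to diagnose.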
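Review bot: In the second hunk (@@ -1329,5 +1326,11 @@), the two new AT_CHECKs after OVS_WAIT_UNTIL still pass --bootstrap-ca-cert=$PKIDIR/cacert.pem, which falls back to fetching the certificate from the peer if the file is absent. Since the comment says these checks cover the connection after bootstrap, consider --ca-cert=$PKIDIR/cacert.pem for add-br and list-br, so the checks can only pass by verifying the server against the saved file. The test also only asserts that cacert.pem exists and that the connection succeeds; a follow-up check that a server presenting a different certificate is rejected would cover the property that bootstrapping is meant to provide.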