From 3d5b9d7843e9cf9ed7cc865ea10701cb186798d5 Mon Sep 17 00:00:00 2001 From: Gurucharan Shetty Date: Fri, 28 Aug 2015 14:25:47 -0700 Subject: [PATCH] ovs-vsctl.at: Correct title of SSL test. The test claimed to test peer-ca-cert functionality. But the certificate provided via --peer-ca-cert was not actually sent to the peer for bootstrapping. The bootstrapping was successful because cert provided via --certificate was self-signed. Since the test was not really testing the --peer-ca-cert functionality, change the name of the test. We do not have any tests for bootstrapping, so this test is still useful. Signed-off-by: Gurucharan Shetty Acked-by: Ben Pfaff --- tests/ovs-vsctl.at | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at index f92544f2d..7664c894b 100644 --- a/tests/ovs-vsctl.at +++ b/tests/ovs-vsctl.at @@ -1308,19 +1308,16 @@ AT_CHECK([RUN_OVS_VSCTL([get interface 0fcd11a1-2ba8-4b38-a358-4bccf2bf3057 type OVS_VSCTL_CLEANUP AT_CLEANUP -AT_SETUP([peer ca cert]) +AT_SETUP([bootstrap ca cert]) AT_KEYWORDS([ovs-vsctl ssl]) AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) PKIDIR=`pwd` OVS_PKI="sh $abs_top_srcdir/utilities/ovs-pki.in --dir=$PKIDIR/pki --log=$PKIDIR/ovs-pki.log" -$OVS_PKI -B 1024 init && \ -$OVS_PKI -B 1024 req+sign vsctl switch && \ -$OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver +AT_CHECK([$OVS_PKI -B 1024 init && $OVS_PKI -B 1024 req+sign vsctl switch && $OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver], [0], [ignore], [ignore]) dnl Create database. -touch .conf.db.~lock~ -AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema]) -AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --peer-ca-cert=$PKIDIR/ovsdbserver-cert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore]) +OVSDB_INIT([conf.db]) +AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore]) on_exit "kill `cat pid`" SSL_PORT=`parse_listening_port < ovsdb-server.log` @@ -1329,5 +1326,11 @@ AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsct # If the bootstrap was successful, the following file should exist. OVS_WAIT_UNTIL([test -e $PKIDIR/cacert.pem]) + +# After bootstrap, the connection should be successful. +AT_CHECK([ovs-vsctl -t 5 --no-wait --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem add-br br0], [0]) +AT_CHECK([ovs-vsctl -t 5 --no-wait --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem list-br], [0], [br0 +]) + OVSDB_SERVER_SHUTDOWN AT_CLEANUP -- 2.20.1