On Wed, Sep 02, 2015 at 01:02:39PM -0700, Gurucharan Shetty wrote:
> When --certificate option is provided, we currently use
> SSL_CTX_use_certificate_chain_file() function to add
> that certificate. If our single certificate file had multiple
> certificates (as a chain), all of them would get added and sent
> to the remote peer. But once you call
> SSL_CTX_use_certificate_chain_file(), any future calls to
> SSL_CTX_add_extra_chain_cert() (called when --peer-ca-cert option
> is used) had no effect.
> 
> Since our man pages and INSTALL.SSL.md say that --certificate
> is used to specify one certificate and additional certificates
> are sent via --peer-ca-cert, this commit changes
> SSL_CTX_use_certificate_chain_file() use to
> SSL_CTX_use_certificate_file(). With this, additional certificates
> can now be added via --peer-ca-cert option.
> 
> The test case added with this commit would fail without the
> above changes.
> 
> Signed-off-by: Gurucharan Shetty <gshe...@nicira.com>

The use of "command pwd" is puzzling here, does it have something to do
with Windows?  But I thought we'd fixed the problem that ovs-pki had
with Windows, so is it necessary?

    +AT_SETUP([peer ca cert])
    +AT_KEYWORDS([ovs-vsctl ssl])
    +AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
    +PKIDIR=`command pwd`

The &&s and \s here are a little puzzling too.  Do they do something
useful?  (Should we be checking return values by using AT_CHECK?)

    $OVS_PKI -B 1024 init && \
    $OVS_PKI -B 1024 req+sign vsctl switch && \
    $OVS_PKI -B 1024 req+sign ovsdbserver controller
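
Review bot: All three $OVS_PKI calls pass -B 1024, so the test's CA and both certificates use 1024-bit keys. OpenSSL builds configured with security level 2 or higher reject RSA keys below 2048 bits, so on such a system the SSL connection could fail for a reason unrelated to the --peer-ca-cert behaviour under test. Consider using 2048 here, or add a comment saying the small key size is deliberate for test speed.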

I see why the initial execution of ovs-vsctl ignores the output, but
could the post-bootstrap connection check the output?  It would be a
better test if it did.

Thanks,

Ben.