On Tue, Sep 8, 2015 at 3:36 PM, Ben Pfaff <b...@nicira.com> wrote: > On Wed, Sep 02, 2015 at 01:02:39PM -0700, Gurucharan Shetty wrote: >> When --certificate option is provided, we currently use >> SSL_CTX_use_certificate_chain_file() function to add >> that certificate. If our single certificate file had multiple >> certificates (as a chain), all of them would get added and sent >> to the remote peer. But once you call >> SSL_CTX_use_certificate_chain_file(), any future calls to >> SSL_CTX_add_extra_chain_cert() (called when --peer-ca-cert option >> is used) had no effect. >> >> Since our man pages and INSTALL.SSL.md say that --certificate >> is used to specify one certificate and additional certificates >> are sent via --peer-ca-cert, this commit changes >> SSL_CTX_use_certificate_chain_file() use to >> SSL_CTX_use_certificate_file(). With this, additional certificates >> can now be added via --peer-ca-cert option. >> >> The test case added with this commit would fail without the >> above changes. >> >> Signed-off-by: Gurucharan Shetty <gshe...@nicira.com> > > The use of "command pwd" is puzzling here, does it have something to do > with Windows? But I thought we'd fixed the problem that ovs-pki had > with Windows, so is it necessary?
Ugh, I had this test in my tree before the ovs-pki fix went in, and I forgot. > > +AT_SETUP([peer ca cert]) > +AT_KEYWORDS([ovs-vsctl ssl]) > +AT_SKIP_IF([test "$HAVE_OPENSSL" = no]) > +PKIDIR=`command pwd` > > The &&s and \s here are a little puzzling too. Do they do something > useful? (Should we be checking return values by using AT_CHECK?) > > $OVS_PKI -B 1024 init && \ > $OVS_PKI -B 1024 req+sign vsctl switch && \ > $OVS_PKI -B 1024 req+sign ovsdbserver controller I will do that. > > I see why the initial execution of ovs-vsctl ignores the output, but > could the post-bootstrap connection check the output? It would be a > better test if it did. I will do this. This also has to be done for the previous patch. So I will resend the series. > > Thanks, > > Ben. _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev
