Hello,

I am stuck in my attempts to use a TLS connection for communication between my 
whitebox switch and controller.  I have no problems establishing a connection 
over plain TCP.

[OpenFlow switch]
EdgeCore 4600-54T
OS: PICA8 OS 3.4.81
Open vSwitch 2.0.90
OpenSSL 1.0.1c 10 May 2012 (Library: OpenSSL 1.0.1g 7 Apr 2014)
IP Address: 10.0.0.1

[Controller]
OS: CentOS 7
Python version 2.7.10
Ryu version 3.29
OpenSSL 1.0.1g 7 Apr 2014
IP Address: 10.0.0.4

I followed these instructions:
https://ryu.readthedocs.org/en/latest/tls.html

After I complete the last step to start ryu, I get the following error:
loading app ryu.controller.ofp_handler
instantiating app ryu.controller.ofp_handler of OFPHandler BRICK ofp_event
  CONSUMES EventOFPSwitchFeatures
  CONSUMES EventOFPEchoRequest
  CONSUMES EventOFPPortDescStatsReply
  CONSUMES EventOFPErrorMsg
  CONSUMES EventOFPHello
hub: uncaught exception: Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ryu/lib/hub.py", line 52, in _launch
    func(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/ryu/lib/hub.py", line 112, in wrap_and_handle
    handle(ssl.wrap_socket(sock, **ssl_args), addr)
  File "/usr/lib/python2.7/site-packages/eventlet/green/ssl.py", line 345, in wrap_socket
    return GreenSSLSocket(sock, *a, **kw)
  File "/usr/lib/python2.7/site-packages/eventlet/green/ssl.py", line 67, in __init__
    ca_certs, do_handshake_on_connect and six.PY2, *args, **kw)
  File "/usr/lib64/python2.7/ssl.py", line 588, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/site-packages/eventlet/green/ssl.py", line 243, in do_handshake
    super(GreenSSLSocket, self).do_handshake)
  File "/usr/lib/python2.7/site-packages/eventlet/green/ssl.py", line 112, in _call_trampolining
    return func(*a, **kw)
  File "/usr/lib64/python2.7/ssl.py", line 810, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: NO_CERTIFICATE_RETURNED] no certificate returned (_ssl.c:765)

Based on the error, it looks like Open vSwitch isn't doing its part of the TLS 
handshake.  If anybody has seen this error before or could point me in the 
right direction, I'd greatly appreciate it.

I have attached a screenshot of a Wireshark capture that shows the attempted 
handshake.

Thanks
