diff mbox series

[ovs-dev,v2] ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name

Message ID 20201224125938.1485867-1-mark.d.gray@redhat.com
State Accepted
Headers show
Series [ovs-dev,v2] ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name | expand

Commit Message

Mark Gray Dec. 24, 2020, 12:59 p.m. UTC 
In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
'leftcert' and 'rightcert' names for self-signed certificates.
This patch resolves that.

Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
---
v2:  Added "Reported-at" tag

 ipsec/ovs-monitor-ipsec.in | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

Comments

Flavio Leitner Dec. 24, 2020, 7:41 p.m. UTC | #1 
On Thu, Dec 24, 2020 at 07:59:38AM -0500, Mark Gray wrote:
> In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
> 'leftcert' and 'rightcert' names for self-signed certificates.
> This patch resolves that.
> 
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
> Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
> Acked-by: Eelco Chaudron <echaudro@redhat.com>
> ---

Acked-by: Flavio Leitner <fbl@sysclose.org>
Ilya Maximets Jan. 5, 2021, 8:26 p.m. UTC | #2 
On 12/24/20 8:41 PM, Flavio Leitner wrote:
> On Thu, Dec 24, 2020 at 07:59:38AM -0500, Mark Gray wrote:
>> In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
>> 'leftcert' and 'rightcert' names for self-signed certificates.
>> This patch resolves that.
>>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
>> Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
>> Acked-by: Eelco Chaudron <echaudro@redhat.com>
>> ---
> 
> Acked-by: Flavio Leitner <fbl@sysclose.org>
> 

Thanks!

Applied to master and backported down to 2.13.

Best regards, Ilya Maximets.
diff mbox series

Patch

diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
index b84608a55d8a..744d3b5f7d9c 100755
--- a/ipsec/ovs-monitor-ipsec.in
+++ b/ipsec/ovs-monitor-ipsec.in
@@ -424,8 +424,8 @@  conn prevent_unencrypted_vxlan
     right=$remote_ip
     leftid=@$local_name
     rightid=@$remote_name
-    leftcert="$local_name"
-    rightcert="$remote_name"
+    leftcert="ovs_certkey_$local_name"
+    rightcert="ovs_cert_$remote_name"
     leftrsasigkey=%cert"""),
                  "pki_ca": Template("""\
     left=%defaultroute
@@ -686,7 +686,7 @@  conn prevent_unencrypted_vxlan
             if proc.returncode:
                 raise Exception(proc.stderr.read())
         except Exception as e:
-            vlog.err("Failed to import ceretificate into NSS.\n" + str(e))
+            vlog.err("Failed to import certificate into NSS.\n" + str(e))
 
     def _nss_delete_cert(self, name):
         try:
@@ -698,7 +698,7 @@  conn prevent_unencrypted_vxlan
             if proc.returncode:
                 raise Exception(proc.stderr.read())
         except Exception as e:
-            vlog.err("Failed to delete ceretificate from NSS.\n" + str(e))
+            vlog.err("Failed to delete certificate from NSS.\n" + str(e))
 
     def _nss_import_cert_and_key(self, cert, key, name):
         try: