Message ID | 20201224125938.1485867-1-mark.d.gray@redhat.com |
---|---|
State | Accepted |
Series | [ovs-dev,v2] ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name |

On Thu, Dec 24, 2020 at 07:59:38AM -0500, Mark Gray wrote:
> In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
> 'leftcert' and 'rightcert' names for self-signed certificates.
> This patch resolves that.
>
> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
> Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
> Acked-by: Eelco Chaudron <echaudro@redhat.com>
> ---

Acked-by: Flavio Leitner <fbl@sysclose.org>

On 12/24/20 8:41 PM, Flavio Leitner wrote:
> On Thu, Dec 24, 2020 at 07:59:38AM -0500, Mark Gray wrote:
>> In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
>> 'leftcert' and 'rightcert' names for self-signed certificates.
>> This patch resolves that.
>>
>> Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
>> Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
>> Acked-by: Eelco Chaudron <echaudro@redhat.com>
>> ---
>
> Acked-by: Flavio Leitner <fbl@sysclose.org>
>

Thanks! Applied to master and backported down to 2.13.

Best regards, Ilya Maximets.

diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index b84608a55d8a..744d3b5f7d9c 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -424,8 +424,8 @@ conn prevent_unencrypted_vxlan right=$remote_ip leftid=@$local_name rightid=@$remote_name - leftcert="$local_name" - rightcert="$remote_name" + leftcert="ovs_certkey_$local_name" + rightcert="ovs_cert_$remote_name" leftrsasigkey=%cert"""), "pki_ca": Template("""\ left=%defaultroute @@ -686,7 +686,7 @@ conn prevent_unencrypted_vxlan if proc.returncode: raise Exception(proc.stderr.read()) except Exception as e: - vlog.err("Failed to import ceretificate into NSS.\n" + str(e)) + vlog.err("Failed to import certificate into NSS.\n" + str(e)) def _nss_delete_cert(self, name): try: @@ -698,7 +698,7 @@ conn prevent_unencrypted_vxlan if proc.returncode: raise Exception(proc.stderr.read()) except Exception as e: - vlog.err("Failed to delete ceretificate from NSS.\n" + str(e)) + vlog.err("Failed to delete certificate from NSS.\n" + str(e)) def _nss_import_cert_and_key(self, cert, key, name): try:
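
Review bot: In the first hunk (@@ -424,8 +424,8 @@), the `ovs_certkey_` and `ovs_cert_` prefixes are written as string literals inside the connection template, and neither the hunk nor the commit message says where those NSS nicknames are defined. If the import helpers (for example `_nss_import_cert_and_key(self, cert, key, name)`, visible at the end of the patch) build the nickname from the same prefixes, define each prefix once and use it in both places, or at least add a comment at the template pointing to the import code, so that `leftcert` and `rightcert` cannot drift away from what is stored in NSS again. The commit message would also be easier to audit if it stated which name Libreswan was given before and why it did not resolve.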
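
Review bot: In the second hunk (@@ -686,7 +686,7 @@), the `except Exception as e:` branch around the corrected message only calls `vlog.err(...)` and then falls through, so the caller cannot tell that the NSS import failed. Because the template in the first hunk now points `leftcert` and `rightcert` at specific nicknames, consider returning a status or re-raising after logging, so that a connection is not configured against a certificate that was never imported.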
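
Review bot: In the third hunk (@@ -698,7 +698,7 @@), the corrected message "Failed to delete certificate from NSS." does not say which entry was involved, although `_nss_delete_cert(self, name)` receives `name`. Including the nickname in the log line would make it much easier to match a failure against the prefixed `leftcert` and `rightcert` values in the generated configuration.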