[ovs-dev,1/2] ovs-vsctl.at: Change a ssl test.

Message ID 1441224160-11790-1-git-send-email-gshetty@nicira.com
State Changes Requested

Commit Message

Gurucharan Shetty Sept. 2, 2015, 8:02 p.m. UTC
The test claimed to test peer-ca-cert functionality. But the
certificate provided via --peer-ca-cert was not actually sent
to the peer for bootstrapping. The bootstrapping was successful
because cert provided via --certificate was self-signed. Since the test
was not really testing the --peer-ca-cert functionality, change
the name of the test. We do not have any tests for bootstrapping,
so this test is still useful.

Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>
---
 tests/ovs-vsctl.at |   11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

Comments

Ben Pfaff Sept. 8, 2015, 10:30 p.m. UTC | #1
On Wed, Sep 02, 2015 at 01:02:38PM -0700, Gurucharan Shetty wrote:
> The test claimed to test peer-ca-cert functionality. But the
> certificate provided via --peer-ca-cert was not actually sent
> to the peer for bootstrapping. The bootstrapping was successful
> because cert provided via --certificate was self-signed. Since the test
> was not really testing the --peer-ca-cert functionality, change
> the name of the test. We do not have any tests for bootstrapping,
> so this test is still useful.
> 
> Signed-off-by: Gurucharan Shetty <gshetty@nicira.com>

How about improving the title of the patch, maybe something like
"Correct title of SSL test"?

Acked-by: Ben Pfaff <blp@nicira.com>

Patch

diff --git a/tests/ovs-vsctl.at b/tests/ovs-vsctl.at
index fef7b88..cbfa6c2 100644
--- a/tests/ovs-vsctl.at
+++ b/tests/ovs-vsctl.at
@@ -1310,7 +1310,7 @@  AT_CHECK([RUN_OVS_VSCTL([get interface 0fcd11a1-2ba8-4b38-a358-4bccf2bf3057 type
 OVS_VSCTL_CLEANUP
 AT_CLEANUP
 
-AT_SETUP([peer ca cert])
+AT_SETUP([bootstrap ca cert])
 AT_KEYWORDS([ovs-vsctl ssl])
 AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
 PKIDIR=`pwd`
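
Review bot: With the rename in AT_SETUP([bootstrap ca cert]), nothing in this patch exercises --peer-ca-cert any more, and the test file gives no hint of that gap. Consider a short dnl comment above AT_SETUP saying that the peer-ca-cert path is currently untested, or a follow-up test in which the server certificate is signed by a CA and that CA is handed out via --peer-ca-cert.
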
@@ -1320,9 +1320,8 @@  $OVS_PKI -B 1024 req+sign vsctl switch && \
 $OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver
 
 dnl Create database.
-touch .conf.db.~lock~
-AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema])
-AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --peer-ca-cert=$PKIDIR/ovsdbserver-cert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore])
+OVSDB_INIT([conf.db])
+AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore])
 ON_EXIT_UNQUOTED([kill `cat pid`])
 SSL_PORT=`parse_listening_port < ovsdb-server.log`
 
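
Review bot: Replacing `touch .conf.db.~lock~` and `ovsdb-tool create` with OVSDB_INIT([conf.db]) is a separate cleanup that the commit message does not mention; note it there or split it out so that dropping --peer-ca-cert from the ovsdb-server line stands on its own. A dnl comment next to the ovsdb-server line would also help, stating that the bootstrap below relies on ovsdbserver-cert.pem being self-signed, since that dependency is otherwise recorded only in the commit message.
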
@@ -1331,5 +1330,9 @@  AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsct
 
 # If the bootstrap was successful, the following file should exist.
 OVS_WAIT_UNTIL([test -e $PKIDIR/cacert.pem])
+
+# After bootstrap, the connection should be successful.
+AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem show], [0], [ignore], [ignore])
+
 OVSDB_SERVER_SHUTDOWN
 AT_CLEANUP
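
Review bot: The added AT_CHECK passes --bootstrap-ca-cert=$PKIDIR/cacert.pem a second time and ignores both stdout and stderr, so "After bootstrap, the connection should be successful" is checked only through the exit status, and the command line does not make it obvious that the saved certificate is what verifies the server. Passing --ca-cert=$PKIDIR/cacert.pem in this second call would state that intent directly, and matching the expected `show` output instead of [ignore] would tighten the check.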