@@ -1310,7 +1310,7 @@ AT_CHECK([RUN_OVS_VSCTL([get interface 0fcd11a1-2ba8-4b38-a358-4bccf2bf3057 type
OVS_VSCTL_CLEANUP
AT_CLEANUP
-AT_SETUP([peer ca cert])
+AT_SETUP([bootstrap ca cert])
AT_KEYWORDS([ovs-vsctl ssl])
AT_SKIP_IF([test "$HAVE_OPENSSL" = no])
PKIDIR=`pwd`
@@ -1320,9 +1320,8 @@ $OVS_PKI -B 1024 req+sign vsctl switch && \
$OVS_PKI -B 1024 req ovsdbserver && $OVS_PKI self-sign ovsdbserver
dnl Create database.
-touch .conf.db.~lock~
-AT_CHECK([ovsdb-tool create conf.db $abs_top_srcdir/vswitchd/vswitch.ovsschema])
-AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --peer-ca-cert=$PKIDIR/ovsdbserver-cert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore])
+OVSDB_INIT([conf.db])
+AT_CHECK([ovsdb-server --detach --no-chdir --pidfile="`pwd`"/pid --private-key=$PKIDIR/ovsdbserver-privkey.pem --certificate=$PKIDIR/ovsdbserver-cert.pem --ca-cert=$PKIDIR/pki/switchca/cacert.pem --remote=pssl:0:127.0.0.1 --unixctl="`pwd`"/unixctl --log-file="`pwd`"/ovsdb-server.log conf.db], [0], [ignore], [ignore])
ON_EXIT_UNQUOTED([kill `cat pid`])
SSL_PORT=`parse_listening_port < ovsdb-server.log`
@@ -1331,5 +1330,9 @@ AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsct
# If the bootstrap was successful, the following file should exist.
OVS_WAIT_UNTIL([test -e $PKIDIR/cacert.pem])
+
+# After bootstrap, the connection should be successful.
+AT_CHECK([ovs-vsctl -t 5 --db=ssl:127.0.0.1:$SSL_PORT --private-key=$PKIDIR/vsctl-privkey.pem --certificate=$PKIDIR/vsctl-cert.pem --bootstrap-ca-cert=$PKIDIR/cacert.pem show], [0], [ignore], [ignore])
+
OVSDB_SERVER_SHUTDOWN
AT_CLEANUP
The test claimed to test peer-ca-cert functionality. But the certificate provided via --peer-ca-cert was not actually sent to the peer for bootstrapping. The bootstrapping was successful because cert provided via --certificate was self-signed. Since the test was not really testing the --peer-ca-cert functionality, change the name of the test. We do not have any tests for bootstrapping, so this test is still useful. Signed-off-by: Gurucharan Shetty <gshetty@nicira.com> --- tests/ovs-vsctl.at | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)