
[ovs-dev,2/2] test-stream: Add ssl tests for stream open block

Message ID 371707ba4ddeb730d3ddf4a3be955f3805910f0c.camel@cloudandheat.com
State Changes Requested
Series [ovs-dev,1/2] tests-ovsdb: switch OVSDB_START_IDLTEST to macro | expand

Checks

Context Check Description
ovsrobot/apply-robot success apply and check: success
ovsrobot/github-robot-_Build_and_Test success github build: passed
ovsrobot/intel-ovs-compilation success test: success

Commit Message

Stefan Hoffmann May 5, 2023, 12:21 p.m. UTC
This tests stream.c and stream.py with ssl connection at
CHECK_STREAM_OPEN_BLOCK.
For the tests, ovsdb needs to be built with libssl.

Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com>
---
 tests/ovsdb-idl.at   | 41 ++++++++++++++++++++++++++++++++++++-----
 tests/test-stream.c  | 12 +++++++++++-
 tests/test-stream.py | 18 ++++++++++++++++++
 3 files changed, 65 insertions(+), 6 deletions(-)

Comments

Stefan Hoffmann May 5, 2023, 12:26 p.m. UTC | #1
On Fri, 2023-05-05 at 14:21 +0200, Stefan Hoffmann wrote:
> This tests stream.c and stream.py with ssl connection at
> CHECK_STREAM_OPEN_BLOCK.
> For the tests, ovsdb needs to be build with libssl.
> 
> Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com>
> ---
>  tests/ovsdb-idl.at   | 41 ++++++++++++++++++++++++++++++++++++-----
>  tests/test-stream.c  | 12 +++++++++++-
>  tests/test-stream.py | 18 ++++++++++++++++++
>  3 files changed, 65 insertions(+), 6 deletions(-)
> 
> diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
> index 8b1cdcdf8..a62816636 100644
> --- a/tests/ovsdb-idl.at
> +++ b/tests/ovsdb-idl.at
> @@ -10,9 +10,20 @@ m4_define([OVSDB_START_IDLTEST],
>  [
>    AT_CHECK([ovsdb-tool create db dnl
>      m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])])
> +  PKIDIR=$abs_top_builddir/tests
> +  SSL_FLAGS=""
> +  REMOTE_STRING="$1"
> +  REMOTE_PROTOCOL="${REMOTE_STRING::4}"
> +  if [[ "$REMOTE_PROTOCOL" == "pssl" ]]; then
> +    SSL_FLAGS="--private-key=$PKIDIR/testpki-privkey2.pem dnl
> +    --certificate=$PKIDIR/testpki-cert2.pem dnl
> +    --ca-cert=$PKIDIR/testpki-cacert.pem"
> +  fi
> +  #m4_if([$REMOTE_PROTOCOL], [pssl], [--private-key=$PKIDIR/testpki-privkey2.pem --certificate=$PKIDIR/testpki-cert2.pem --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl

I didn't find a proper way to build this using m4_if, as I'm not
familiar with it and don't know how to debug it here.
I guess (but not sure) it's somehow, that $REMOTE_PROTOCOL comes from
LISTEN_PROTOCOL, which is defined at CHECK_STREAM_OPEN_BLOCK as
"p$PROTOCOL". But also checking $PROTOCOL == ssl doesn't work.

Can someone point me to the right direction how to use m4_if here,
please?

>    AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl
>      --pidfile --remote=punix:socket dnl
> -    m4_if([$1], [], [], [--remote=$1]) db
> +    $SSL_FLAGS dnl
> +    m4_if([$1], [], [], [--remote=$1]) db dnl
>    ])
>    on_exit 'kill `cat ovsdb-server.pid`'
>  ])
> @@ -2284,14 +2295,28 @@ m4_define([CHECK_STREAM_OPEN_BLOCK],
>    [AT_SETUP([Check stream open block - $1 - $3])
>     AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"])
>     AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"])
> +   AT_SKIP_IF([test "$3" = "ssl6" && test "$IS_WIN32" = "yes"])
> +   AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_IPV6" = "no"])
> +   AT_SKIP_IF([test "$3" = "ssl" && test "$HAVE_OPENSSL" = "no"])
> +   $PYTHON3 -c "import ssl"
> +   SSL_PRESENT=$?
> +   AT_SKIP_IF([test "$3" = "ssl" && test $SSL_PRESENT != 0])
> +   AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_OPENSSL" = "no"])
> +   AT_SKIP_IF([test "$3" = "ssl6" && test $SSL_PRESENT != 0])
>     AT_KEYWORDS([ovsdb server stream open_block $3])
> -   OVSDB_START_IDLTEST(["ptcp:0:$4"])
> +   PKIDIR=$abs_top_builddir/tests
> +   PROTOCOL=$3
> +   PROTOCOL=${PROTOCOL::3}
> +   m4_define([LISTEN_PROTOCOL], [p$PROTOCOL])
> +   OVSDB_START_IDLTEST([LISTEN_PROTOCOL:0:$4])
>     PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
>     WRONG_PORT=$(($TCP_PORT + 101))
> -   AT_CHECK([$2 tcp:$4:$TCP_PORT], [0], [ignore])
> -   AT_CHECK([$2 tcp:$4:$WRONG_PORT], [1], [ignore], [ignore])
> +   SSL_KEY_ARGS="$PKIDIR/testpki-privkey.pem $PKIDIR/testpki-cert.pem $PKIDIR/testpki-cacert.pem"
> +   AT_CHECK([$2 $PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [0], [ignore])
> +   AT_CHECK([$2 $PROTOCOL:$4:$WRONG_PORT $SSL_KEY_ARGS], [1], [ignore],
> +            [ignore])
>     OVSDB_SERVER_SHUTDOWN
> -   AT_CHECK([$2 tcp:$4:$TCP_PORT], [1], [ignore], [ignore])
> +   AT_CHECK([$2 $PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [1], [ignore], [ignore])
>     AT_CLEANUP])
>  
>  CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [tcp], [127.0.0.1])
> @@ -2300,6 +2325,12 @@ CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
>                          [tcp], [127.0.0.1])
>  CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
>                          [tcp6], [[[::1]]])
> +CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl], [127.0.0.1])
> +CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl6], [[[::1]]])
> +CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
> +                        [ssl], [127.0.0.1])
> +CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
> +                        [ssl6], [[[::1]]])
>  
>  # same as OVSDB_CHECK_IDL but uses Python IDL implementation with tcp
>  # with multiple remotes to assert the idl connects to the leader of the Raft cluster
> diff --git a/tests/test-stream.c b/tests/test-stream.c
> index 68ce2c544..14e3bfe38 100644
> --- a/tests/test-stream.c
> +++ b/tests/test-stream.c
> @@ -19,6 +19,7 @@
>  #include "fatal-signal.h"
>  #include "openvswitch/vlog.h"
>  #include "stream.h"
> +#include "stream-ssl.h"
>  #include "util.h"
>  
>  VLOG_DEFINE_THIS_MODULE(test_stream);
> @@ -33,7 +34,16 @@ main(int argc, char *argv[])
>      set_program_name(argv[0]);
>  
>      if (argc < 2) {
> -        ovs_fatal(0, "usage: %s REMOTE", argv[0]);
> +        ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
> +                  argv[0]);
> +    }
> +    if (strncmp("ssl:", argv[1], 4) == 0) {
> +        if (argc < 5) {
> +            ovs_fatal(0, "usage with ssl: %s REMOTE SSL_KEY SSL_CERT SSL_CA",
> +                      argv[0]);
> +        }
> +        stream_ssl_set_ca_cert_file(argv[4], false);
> +        stream_ssl_set_key_and_cert(argv[2], argv[3]);
>      }
>  
>      error = stream_open_block(stream_open(argv[1], &stream, DSCP_DEFAULT),
> diff --git a/tests/test-stream.py b/tests/test-stream.py
> index 93d63c019..a6a9c18b2 100644
> --- a/tests/test-stream.py
> +++ b/tests/test-stream.py
> @@ -15,10 +15,28 @@
>  import sys
>  
>  import ovs.stream
> +import ovs.util
>  
>  
>  def main(argv):
> +    if len(argv) < 2:
> +        ovs.util.ovs_fatal(0,
> +                           "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
> +                           argv[0],
> +                           )
>      remote = argv[1]
> +
> +    if remote.startswith("ssl:"):
> +        if len(argv) < 5:
> +            ovs.util.ovs_fatal(
> +                0,
> +                "usage with ssl: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
> +                argv[0],
> +            )
> +        ovs.stream.SSLStream.ssl_set_ca_cert_file(argv[4])
> +        ovs.stream.SSLStream.ssl_set_certificate_file(argv[3])
> +        ovs.stream.SSLStream.ssl_set_private_key_file(argv[2])
> +
>      err, stream = ovs.stream.Stream.open_block(
>              ovs.stream.Stream.open(remote), 10000)
>
Ilya Maximets May 5, 2023, 2:23 p.m. UTC | #2
On 5/5/23 14:26, Stefan Hoffmann wrote:
> On Fri, 2023-05-05 at 14:21 +0200, Stefan Hoffmann wrote:
>> This tests stream.c and stream.py with ssl connection at
>> CHECK_STREAM_OPEN_BLOCK.
>> For the tests, ovsdb needs to be build with libssl.
>>
>> Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com>
>> ---
>>  tests/ovsdb-idl.at   | 41 ++++++++++++++++++++++++++++++++++++-----
>>  tests/test-stream.c  | 12 +++++++++++-
>>  tests/test-stream.py | 18 ++++++++++++++++++
>>  3 files changed, 65 insertions(+), 6 deletions(-)
>>
>> diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
>> index 8b1cdcdf8..a62816636 100644
>> --- a/tests/ovsdb-idl.at
>> +++ b/tests/ovsdb-idl.at
>> @@ -10,9 +10,20 @@ m4_define([OVSDB_START_IDLTEST],
>>  [
>>    AT_CHECK([ovsdb-tool create db dnl
>>      m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])])
>> +  PKIDIR=$abs_top_builddir/tests
>> +  SSL_FLAGS=""
>> +  REMOTE_STRING="$1"
>> +  REMOTE_PROTOCOL="${REMOTE_STRING::4}"
>> +  if [[ "$REMOTE_PROTOCOL" == "pssl" ]]; then
>> +    SSL_FLAGS="--private-key=$PKIDIR/testpki-privkey2.pem dnl
>> +    --certificate=$PKIDIR/testpki-cert2.pem dnl
>> +    --ca-cert=$PKIDIR/testpki-cacert.pem"
>> +  fi
>> +  #m4_if([$REMOTE_PROTOCOL], [pssl], [--private-key=$PKIDIR/testpki-privkey2.pem --certificate=$PKIDIR/testpki-cert2.pem --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl
> 
> I didn't found a proper way to build this using m4_if, as I'm not
> familiar with it and don't know how to debug here.
> I guess (but not sure) it's somehow, that $REMOTE_PROTOCOL comes from
> LISTEN_PROTOCOL, which is defined at CHECK_STREAM_OPEN_BLOCK as
> "p$PROTOCOL". But also checking $PROTOCOL == ssl doesn't work.
> 
> Can someone point me to the right direction how to use m4_if here,
> please?

m4_if has to be resolvable at "compile time", i.e. the result has
to be known when the test is translated from autotest to shell.
And your REMOTE_PROTOCOL is a shell variable, not an m4 definition,
so it can't be resolved, it's taken as a literal value.

You may try defining REMOTE_PROTOCOL as an m4 macro and use m4_substr
to get the protocol value.  Note that $REMOTE_STRING in your case is
also a shell variable, while $1 is not.  So, you can use $1 in
m4_if or m4_substr, but you can't use $REMOTE_STRING.

Best regards, Ilya Maximets.
Ilya Maximets May 5, 2023, 3:27 p.m. UTC | #3
On 5/5/23 16:23, Ilya Maximets wrote:
> On 5/5/23 14:26, Stefan Hoffmann wrote:
>> On Fri, 2023-05-05 at 14:21 +0200, Stefan Hoffmann wrote:
>>> This tests stream.c and stream.py with ssl connection at
>>> CHECK_STREAM_OPEN_BLOCK.
>>> For the tests, ovsdb needs to be build with libssl.
>>>
>>> Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com>
>>> ---
>>>  tests/ovsdb-idl.at   | 41 ++++++++++++++++++++++++++++++++++++-----
>>>  tests/test-stream.c  | 12 +++++++++++-
>>>  tests/test-stream.py | 18 ++++++++++++++++++
>>>  3 files changed, 65 insertions(+), 6 deletions(-)
>>>
>>> diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
>>> index 8b1cdcdf8..a62816636 100644
>>> --- a/tests/ovsdb-idl.at
>>> +++ b/tests/ovsdb-idl.at
>>> @@ -10,9 +10,20 @@ m4_define([OVSDB_START_IDLTEST],
>>>  [
>>>    AT_CHECK([ovsdb-tool create db dnl
>>>      m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])])
>>> +  PKIDIR=$abs_top_builddir/tests
>>> +  SSL_FLAGS=""
>>> +  REMOTE_STRING="$1"
>>> +  REMOTE_PROTOCOL="${REMOTE_STRING::4}"
>>> +  if [[ "$REMOTE_PROTOCOL" == "pssl" ]]; then
>>> +    SSL_FLAGS="--private-key=$PKIDIR/testpki-privkey2.pem dnl
>>> +    --certificate=$PKIDIR/testpki-cert2.pem dnl
>>> +    --ca-cert=$PKIDIR/testpki-cacert.pem"
>>> +  fi
>>> +  #m4_if([$REMOTE_PROTOCOL], [pssl], [--private-key=$PKIDIR/testpki-privkey2.pem --certificate=$PKIDIR/testpki-cert2.pem --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl
>>
>> I didn't found a proper way to build this using m4_if, as I'm not
>> familiar with it and don't know how to debug here.
>> I guess (but not sure) it's somehow, that $REMOTE_PROTOCOL comes from
>> LISTEN_PROTOCOL, which is defined at CHECK_STREAM_OPEN_BLOCK as
>> "p$PROTOCOL". But also checking $PROTOCOL == ssl doesn't work.
>>
>> Can someone point me to the right direction how to use m4_if here,
>> please?
> 
> m4_if has to be resolvable at "compile time", i.e. the result has
> to be known when the test is translated from autotest to shell.
> And your REMOTE_PROTOCOL is a shell variable, not an m4 definition,
> so it can't be resolved, it's taken as a literal value.
> 
> You may try defining REMOTE_PROTOCOL as an m4 macro and use m4_substr
> to get the protocol value.  Note that $REMOTE_STRING in your case is
> also a shell variable, while $1 is not.  So, you can use $1 in
> m4_if or m4_substr, but you can't use $REMOTE_STRING.

An easier way might be to just pass the protocol and the address
as two separate arguments.

> 
> Best regards, Ilya Maximets.
Stefan Hoffmann May 9, 2023, 8:02 a.m. UTC | #4
On Fri, 2023-05-05 at 17:27 +0200, Ilya Maximets wrote:
> On 5/5/23 16:23, Ilya Maximets wrote:
> > On 5/5/23 14:26, Stefan Hoffmann wrote:
> > > On Fri, 2023-05-05 at 14:21 +0200, Stefan Hoffmann wrote:
> > > > This tests stream.c and stream.py with ssl connection at
> > > > CHECK_STREAM_OPEN_BLOCK.
> > > > For the tests, ovsdb needs to be build with libssl.
> > > > 
> > > > Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com>
> > > > ---
> > > >  tests/ovsdb-idl.at   | 41 ++++++++++++++++++++++++++++++++++++-----
> > > >  tests/test-stream.c  | 12 +++++++++++-
> > > >  tests/test-stream.py | 18 ++++++++++++++++++
> > > >  3 files changed, 65 insertions(+), 6 deletions(-)
> > > > 
> > > > diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
> > > > index 8b1cdcdf8..a62816636 100644
> > > > --- a/tests/ovsdb-idl.at
> > > > +++ b/tests/ovsdb-idl.at
> > > > @@ -10,9 +10,20 @@ m4_define([OVSDB_START_IDLTEST],
> > > >  [
> > > >    AT_CHECK([ovsdb-tool create db dnl
> > > >      m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])])
> > > > +  PKIDIR=$abs_top_builddir/tests
> > > > +  SSL_FLAGS=""
> > > > +  REMOTE_STRING="$1"
> > > > +  REMOTE_PROTOCOL="${REMOTE_STRING::4}"
> > > > +  if [[ "$REMOTE_PROTOCOL" == "pssl" ]]; then
> > > > +    SSL_FLAGS="--private-key=$PKIDIR/testpki-privkey2.pem dnl
> > > > +    --certificate=$PKIDIR/testpki-cert2.pem dnl
> > > > +    --ca-cert=$PKIDIR/testpki-cacert.pem"
> > > > +  fi
> > > > +  #m4_if([$REMOTE_PROTOCOL], [pssl], [--private-key=$PKIDIR/testpki-privkey2.pem --certificate=$PKIDIR/testpki-cert2.pem --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl
> > > 
> > > I didn't found a proper way to build this using m4_if, as I'm not
> > > familiar with it and don't know how to debug here.
> > > I guess (but not sure) it's somehow, that $REMOTE_PROTOCOL comes from
> > > LISTEN_PROTOCOL, which is defined at CHECK_STREAM_OPEN_BLOCK as
> > > "p$PROTOCOL". But also checking $PROTOCOL == ssl doesn't work.
> > > 
> > > Can someone point me to the right direction how to use m4_if here,
> > > please?
> > 
> > m4_if has to be resolvable at "compile time", i.e. the result has
> > to be known when the test is translated from autotest to shell.
> > And your REMOTE_PROTOCOL is a shell variable, not an m4 definition,
> > so it can't be resolved, it's taken as a literal value.
> > 
> > You may try defining REMOTE_PROTOCOL as an m4 macro and use m4_substr
> > to get the protocol value.  Note that $REMOTE_STRING in your case is
> > also a shell variable, while $1 is not.  So, you can use $1 in
> > m4_if or m4_substr, but you can't use $REMOTE_STRING.
> 
> An easier way might be to just pass the protocol and the address
> as two separate arguments.

I tried both ways and would pass one argument REMOTE and use m4_substr
to get the protocol. This way I don't need to touch all places the
function is called.
Also it was hard for me to find proper variable names for the other
way, as REMOTE_ADDRESS would contain port:ip...

> 
> > 
> > Best regards, Ilya Maximets.

A new patch is on its way.

Patch

diff --git a/tests/ovsdb-idl.at b/tests/ovsdb-idl.at
index 8b1cdcdf8..a62816636 100644
--- a/tests/ovsdb-idl.at
+++ b/tests/ovsdb-idl.at
@@ -10,9 +10,20 @@  m4_define([OVSDB_START_IDLTEST],
 [
   AT_CHECK([ovsdb-tool create db dnl
     m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])])
+  PKIDIR=$abs_top_builddir/tests
+  SSL_FLAGS=""
+  REMOTE_STRING="$1"
+  REMOTE_PROTOCOL="${REMOTE_STRING::4}"
+  if [[ "$REMOTE_PROTOCOL" == "pssl" ]]; then
+    SSL_FLAGS="--private-key=$PKIDIR/testpki-privkey2.pem dnl
+    --certificate=$PKIDIR/testpki-cert2.pem dnl
+    --ca-cert=$PKIDIR/testpki-cacert.pem"
+  fi
+  #m4_if([$REMOTE_PROTOCOL], [pssl], [--private-key=$PKIDIR/testpki-privkey2.pem --certificate=$PKIDIR/testpki-cert2.pem --ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl
   AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl
     --pidfile --remote=punix:socket dnl
-    m4_if([$1], [], [], [--remote=$1]) db
+    $SSL_FLAGS dnl
+    m4_if([$1], [], [], [--remote=$1]) db dnl
   ])
   on_exit 'kill `cat ovsdb-server.pid`'
 ])
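Review bot: The added protocol detection depends on bash-only shell syntax: `${REMOTE_STRING::4}` is a substring expansion and `==` is not a POSIX `test` operator. The `[[ … ]]` pair is also the m4 quote pair inside this `m4_define` body, so it is likely reduced to single brackets in the generated script. Under a non-bash `/bin/sh` the condition would then fail and `SSL_FLAGS` would stay empty, so the server would be started with `--remote=pssl:…` but without key, certificate or CA. A portable form is a `case` on the argument, e.g. `case "$1" in pssl:*) SSL_FLAGS="--private-key=… --certificate=… --ca-cert=…" ;; esac`. The commented-out `#m4_if(...)` line should be dropped, since it appears to be a leftover experiment.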
@@ -2284,14 +2295,28 @@  m4_define([CHECK_STREAM_OPEN_BLOCK],
   [AT_SETUP([Check stream open block - $1 - $3])
    AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"])
    AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"])
+   AT_SKIP_IF([test "$3" = "ssl6" && test "$IS_WIN32" = "yes"])
+   AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_IPV6" = "no"])
+   AT_SKIP_IF([test "$3" = "ssl" && test "$HAVE_OPENSSL" = "no"])
+   $PYTHON3 -c "import ssl"
+   SSL_PRESENT=$?
+   AT_SKIP_IF([test "$3" = "ssl" && test $SSL_PRESENT != 0])
+   AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_OPENSSL" = "no"])
+   AT_SKIP_IF([test "$3" = "ssl6" && test $SSL_PRESENT != 0])
    AT_KEYWORDS([ovsdb server stream open_block $3])
-   OVSDB_START_IDLTEST(["ptcp:0:$4"])
+   PKIDIR=$abs_top_builddir/tests
+   PROTOCOL=$3
+   PROTOCOL=${PROTOCOL::3}
+   m4_define([LISTEN_PROTOCOL], [p$PROTOCOL])
+   OVSDB_START_IDLTEST([LISTEN_PROTOCOL:0:$4])
    PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
    WRONG_PORT=$(($TCP_PORT + 101))
-   AT_CHECK([$2 tcp:$4:$TCP_PORT], [0], [ignore])
-   AT_CHECK([$2 tcp:$4:$WRONG_PORT], [1], [ignore], [ignore])
+   SSL_KEY_ARGS="$PKIDIR/testpki-privkey.pem $PKIDIR/testpki-cert.pem $PKIDIR/testpki-cacert.pem"
+   AT_CHECK([$2 $PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [0], [ignore])
+   AT_CHECK([$2 $PROTOCOL:$4:$WRONG_PORT $SSL_KEY_ARGS], [1], [ignore],
+            [ignore])
    OVSDB_SERVER_SHUTDOWN
-   AT_CHECK([$2 tcp:$4:$TCP_PORT], [1], [ignore], [ignore])
+   AT_CHECK([$2 $PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [1], [ignore], [ignore])
    AT_CLEANUP])
 
 CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [tcp], [127.0.0.1])
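Review bot: The `$PYTHON3 -c "import ssl"` probe runs for every instantiation of this macro, so the C `ssl`/`ssl6` cases are skipped whenever the Python module is missing, although `test-stream` does not appear to need it. Its output is also not captured. Folding the probe into a skip condition that also tests `"$1" = "Python3"` would keep the C TLS path covered on such hosts. Separately, the three `AT_CHECK` calls cover the right port, a wrong port and a stopped server, but none uses a client certificate or CA that the server should reject. These cases therefore show that a TLS stream can be opened, not that peer verification is enforced. A comment above the macro such as `# Covers connection setup only; certificate rejection is not tested here.` would make that limit explicit.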
@@ -2300,6 +2325,12 @@  CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
                         [tcp], [127.0.0.1])
 CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
                         [tcp6], [[[::1]]])
+CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl], [127.0.0.1])
+CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl6], [[[::1]]])
+CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
+                        [ssl], [127.0.0.1])
+CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
+                        [ssl6], [[[::1]]])
 
 # same as OVSDB_CHECK_IDL but uses Python IDL implementation with tcp
 # with multiple remotes to assert the idl connects to the leader of the Raft cluster
diff --git a/tests/test-stream.c b/tests/test-stream.c
index 68ce2c544..14e3bfe38 100644
--- a/tests/test-stream.c
+++ b/tests/test-stream.c
@@ -19,6 +19,7 @@ 
 #include "fatal-signal.h"
 #include "openvswitch/vlog.h"
 #include "stream.h"
+#include "stream-ssl.h"
 #include "util.h"
 
 VLOG_DEFINE_THIS_MODULE(test_stream);
@@ -33,7 +34,16 @@  main(int argc, char *argv[])
     set_program_name(argv[0]);
 
     if (argc < 2) {
-        ovs_fatal(0, "usage: %s REMOTE", argv[0]);
+        ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
+                  argv[0]);
+    }
+    if (strncmp("ssl:", argv[1], 4) == 0) {
+        if (argc < 5) {
+            ovs_fatal(0, "usage with ssl: %s REMOTE SSL_KEY SSL_CERT SSL_CA",
+                      argv[0]);
+        }
+        stream_ssl_set_ca_cert_file(argv[4], false);
+        stream_ssl_set_key_and_cert(argv[2], argv[3]);
     }
 
     error = stream_open_block(stream_open(argv[1], &stream, DSCP_DEFAULT),
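Review bot: The `false` passed to `stream_ssl_set_ca_cert_file()` is the security-relevant choice in this block and is undocumented. It is the bootstrap flag, so the test client trusts only the CA file named on the command line and never adopts a CA certificate offered by the peer. I would add `/* bootstrap=false: trust only the CA file given in argv[4]. */` above the call. A short comment giving the argument order (key, certificate, CA) would also help, because `argv[4]` is consumed before `argv[2]` and `argv[3]`. The body of `main` continues outside this hunk.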
diff --git a/tests/test-stream.py b/tests/test-stream.py
index 93d63c019..a6a9c18b2 100644
--- a/tests/test-stream.py
+++ b/tests/test-stream.py
@@ -15,10 +15,28 @@ 
 import sys
 
 import ovs.stream
+import ovs.util
 
 
 def main(argv):
+    if len(argv) < 2:
+        ovs.util.ovs_fatal(0,
+                           "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
+                           argv[0],
+                           )
     remote = argv[1]
+
+    if remote.startswith("ssl:"):
+        if len(argv) < 5:
+            ovs.util.ovs_fatal(
+                0,
+                "usage with ssl: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
+                argv[0],
+            )
+        ovs.stream.SSLStream.ssl_set_ca_cert_file(argv[4])
+        ovs.stream.SSLStream.ssl_set_certificate_file(argv[3])
+        ovs.stream.SSLStream.ssl_set_private_key_file(argv[2])
+
     err, stream = ovs.stream.Stream.open_block(
             ovs.stream.Stream.open(remote), 10000)
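Review bot: Both `ovs.util.ovs_fatal(0, "usage: %s …", argv[0])` calls pass the program name as a third positional argument instead of formatting it into the message. `ovs.util` is not shown here, but as far as I recall `ovs_fatal` forwards to `ovs_error(code, msg, vlog=None)`. If so, `argv[0]` would be taken as the `vlog` object and the `%s` would be printed literally, which is worth confirming. Formatting first avoids this: `ovs.util.ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]" % argv[0])`. The ssl-branch message also keeps the brackets around `SSL_KEY`, `SSL_CERT` and `SSL_CA` although all three are required there; the C tool prints `REMOTE SSL_KEY SSL_CERT SSL_CA` in that case. The body of `main` continues outside this hunk.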