From patchwork Thu May 13 21:33:10 2021
X-Patchwork-Submitter: Han Zhou
X-Patchwork-Id: 1478214
From: Han Zhou
To: dev@openvswitch.org
Date: Thu, 13 May 2021 14:33:10 -0700
Message-Id: <20210513213311.1870647-1-hzhou@ovn.org>
Subject: [ovs-dev] [PATCH 1/2] stream-ssl.c: Fix stream_ssl_set_key_and_cert.

From the description of this interface, one of the problems it tries to
solve is when one of the files is changed before the other:

 * But, if the private
 * key is changed before the certificate (e.g. someone "scp"s or "mv"s the new
 * private key in place before the certificate), then OpenSSL would reject that
 * change, and then the change of certificate would succeed, but there would be
 * no associated private key (because it had only changed once and therefore
 * there was no point in re-reading it).

 * This function avoids both problems by, whenever either the certificate or
 * the private key file changes, re-reading both of them ...

However, in the implementation it used "&&" instead of "||", and so it was
in fact re-reading both of them only when both are changed. This patch
fixes it by using "||".

Reported-by: Girish Moodalbail
Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-December/050859.html
Signed-off-by: Han Zhou
---
 lib/stream-ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index 078fcbc3a..e67ccb4bd 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1215,7 +1215,7 @@ stream_ssl_set_key_and_cert(const char *private_key_file, const char *certificate_file) { if (update_ssl_config(&private_key, private_key_file) - && update_ssl_config(&certificate, certificate_file)) { + || update_ssl_config(&certificate, certificate_file)) { stream_ssl_set_certificate_file__(certificate_file); stream_ssl_set_private_key_file__(private_key_file); }

From patchwork Thu May 13 21:33:11 2021
X-Patchwork-Submitter: Han Zhou
X-Patchwork-Id: 1478213
From: Han Zhou
To: dev@openvswitch.org
Date: Thu, 13 May 2021 14:33:11 -0700
Message-Id: <20210513213311.1870647-2-hzhou@ovn.org>
In-Reply-To: <20210513213311.1870647-1-hzhou@ovn.org>
References: <20210513213311.1870647-1-hzhou@ovn.org>
Subject: [ovs-dev] [PATCH 2/2] stream-ssl.c: Fix the comment of stream_ssl_set_ca_cert_file.

Signed-off-by: Han Zhou
---
 lib/stream-ssl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c
index e67ccb4bd..6a515e465 100644
--- a/lib/stream-ssl.c
+++ b/lib/stream-ssl.c
@@ -1448,7 +1448,7 @@ stream_ssl_set_ca_cert_file__(const char *file_name, /* Sets 'file_name' as the name of the file from which to read the CA * certificate used to verify the peer within SSL connections. If 'bootstrap' - * is false, the file must exist. If 'bootstrap' is false, then the file is + * is false, the file must exist. If 'bootstrap' is true, then the file is * read if it is exists; if it does not, then it will be created from the CA * certificate received from the peer on the first SSL connection. */ void
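
Review bot: In patch 1/2, the new "||" in stream_ssl_set_key_and_cert() short-circuits: when update_ssl_config(&private_key, private_key_file) returns true, update_ssl_config(&certificate, certificate_file) is never called. If that function also records the file's current state as a side effect (its body is not in the hunk, but it takes &certificate), the certificate's recorded state stays stale after a key-only change, so the next call sees the certificate as changed and re-reads both files a second time. Consider evaluating both calls into locals first, e.g. "bool key_changed = update_ssl_config(&private_key, private_key_file);", "bool cert_changed = update_ssl_config(&certificate, certificate_file);", then testing "if (key_changed || cert_changed)". A test that replaces the private key before the certificate would keep the "&&" behaviour from coming back.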
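
Review bot: In patch 2/2, the unchanged line directly after the corrected one still reads "read if it is exists"; since this patch is already fixing this comment above stream_ssl_set_ca_cert_file, change it to "read if it exists" in the same hunk. The commit message also has no body beyond the Signed-off-by line; one sentence saying that the second "If 'bootstrap' is false" should have read "true" would make the change self-explanatory in the log.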