mir/ovs
2
0
Fork 0
mirror of https://github.com/openvswitch/ovs synced 2025-08-22 09:58:01 +00:00
Code Issues Releases Wiki Activity

test-stream: Add ssl tests for stream open block.

Browse Source 
This tests stream.c and stream.py with ssl connection at
CHECK_STREAM_OPEN_BLOCK.
For the tests, ovsdb needs to be build with libssl.

Signed-off-by: Stefan Hoffmann <stefan.hoffmann@cloudandheat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
This commit is contained in:
Stefan Hoffmann 2023-05-11 15:38:50 +02:00 committed by Ilya Maximets
parent f3f3be682d
commit 965c2955e6
3 changed files with 56 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
tests/ovsdb-idl.at
View File

@ -28,8 +28,13 @@ m4_define([OVSDB_START_IDLTEST],
[ [
AT_CHECK([ovsdb-tool create db dnl AT_CHECK([ovsdb-tool create db dnl
m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])]) m4_if([$2], [], [$abs_srcdir/idltest.ovsschema], [$2])])
PKIDIR=$abs_top_builddir/tests
AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl AT_CHECK([ovsdb-server -vconsole:warn --log-file --detach --no-chdir dnl
--pidfile --remote=punix:socket dnl --pidfile --remote=punix:socket dnl
m4_if(m4_substr($1, 0, 5), [pssl:],
[--private-key=$PKIDIR/testpki-privkey2.pem dnl
--certificate=$PKIDIR/testpki-cert2.pem dnl
--ca-cert=$PKIDIR/testpki-cacert.pem], []) dnl
m4_if([$1], [], [], [--remote=$1]) db dnl m4_if([$1], [], [], [--remote=$1]) db dnl
]) ])
on_exit 'kill `cat ovsdb-server.pid`' on_exit 'kill `cat ovsdb-server.pid`'
@ -2286,14 +2291,26 @@ m4_define([CHECK_STREAM_OPEN_BLOCK],
[AT_SETUP([Check stream open block - $1 - $3]) [AT_SETUP([Check stream open block - $1 - $3])
AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"]) AT_SKIP_IF([test "$3" = "tcp6" && test "$IS_WIN32" = "yes"])
AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"]) AT_SKIP_IF([test "$3" = "tcp6" && test "$HAVE_IPV6" = "no"])
AT_SKIP_IF([test "$3" = "ssl6" && test "$IS_WIN32" = "yes"])
AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_IPV6" = "no"])
AT_SKIP_IF([test "$3" = "ssl" && test "$HAVE_OPENSSL" = "no"])
$PYTHON3 -c "import ssl"
SSL_PRESENT=$?
AT_SKIP_IF([test "$3" = "ssl" && test $SSL_PRESENT != 0])
AT_SKIP_IF([test "$3" = "ssl6" && test "$HAVE_OPENSSL" = "no"])
AT_SKIP_IF([test "$3" = "ssl6" && test $SSL_PRESENT != 0])
AT_KEYWORDS([ovsdb server stream open_block $3]) AT_KEYWORDS([ovsdb server stream open_block $3])
OVSDB_START_IDLTEST(["ptcp:0:$4"]) PKIDIR=$abs_top_builddir/tests
m4_define([PROTOCOL], [m4_substr([$3], [0], [3])])
OVSDB_START_IDLTEST([m4_join([], [p], PROTOCOL, [:0:], $4)])
PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT]) PARSE_LISTENING_PORT([ovsdb-server.log], [TCP_PORT])
WRONG_PORT=$(($TCP_PORT + 101)) WRONG_PORT=$(($TCP_PORT + 101))
AT_CHECK([$2 tcp:$4:$TCP_PORT], [0], [ignore]) SSL_KEY_ARGS="$PKIDIR/testpki-privkey.pem $PKIDIR/testpki-cert.pem $PKIDIR/testpki-cacert.pem"
AT_CHECK([$2 tcp:$4:$WRONG_PORT], [1], [ignore], [ignore]) AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [0], [ignore])
AT_CHECK([$2 PROTOCOL:$4:$WRONG_PORT $SSL_KEY_ARGS], [1], [ignore],
[ignore])
OVSDB_SERVER_SHUTDOWN OVSDB_SERVER_SHUTDOWN
AT_CHECK([$2 tcp:$4:$TCP_PORT], [1], [ignore], [ignore]) AT_CHECK([$2 PROTOCOL:$4:$TCP_PORT $SSL_KEY_ARGS], [1], [ignore], [ignore])
AT_CLEANUP]) AT_CLEANUP])
CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [tcp], [127.0.0.1]) CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [tcp], [127.0.0.1])
@ -2302,6 +2319,12 @@ CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
[tcp], [127.0.0.1]) [tcp], [127.0.0.1])
CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py], CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
[tcp6], [[[::1]]]) [tcp6], [[[::1]]])
CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl], [127.0.0.1])
CHECK_STREAM_OPEN_BLOCK([C], [test-stream], [ssl6], [[[::1]]])
CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
[ssl], [127.0.0.1])
CHECK_STREAM_OPEN_BLOCK([Python3], [$PYTHON3 $srcdir/test-stream.py],
[ssl6], [[[::1]]])
# same as OVSDB_CHECK_IDL but uses Python IDL implementation with tcp # same as OVSDB_CHECK_IDL but uses Python IDL implementation with tcp
# with multiple remotes to assert the idl connects to the leader of the Raft cluster # with multiple remotes to assert the idl connects to the leader of the Raft cluster

12
tests/test-stream.c
View File

@ -19,6 +19,7 @@
#include "fatal-signal.h" #include "fatal-signal.h"
#include "openvswitch/vlog.h" #include "openvswitch/vlog.h"
#include "stream.h" #include "stream.h"
#include "stream-ssl.h"
#include "util.h" #include "util.h"
VLOG_DEFINE_THIS_MODULE(test_stream); VLOG_DEFINE_THIS_MODULE(test_stream);
@ -33,7 +34,16 @@ main(int argc, char *argv[])
set_program_name(argv[0]); set_program_name(argv[0]);
if (argc < 2) { if (argc < 2) {
ovs_fatal(0, "usage: %s REMOTE", argv[0]); ovs_fatal(0, "usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
argv[0]);
}
if (strncmp("ssl:", argv[1], 4) == 0) {
if (argc < 5) {
ovs_fatal(0, "usage with ssl: %s REMOTE SSL_KEY SSL_CERT SSL_CA",
argv[0]);
}
stream_ssl_set_ca_cert_file(argv[4], false);
stream_ssl_set_key_and_cert(argv[2], argv[3]);
} }
error = stream_open_block(stream_open(argv[1], &stream, DSCP_DEFAULT), error = stream_open_block(stream_open(argv[1], &stream, DSCP_DEFAULT),

18
tests/test-stream.py
View File

@ -15,10 +15,28 @@
import sys import sys
import ovs.stream import ovs.stream
import ovs.util
def main(argv): def main(argv):
if len(argv) < 2:
ovs.util.ovs_fatal(0,
"usage: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
argv[0],
)
remote = argv[1] remote = argv[1]
if remote.startswith("ssl:"):
if len(argv) < 5:
ovs.util.ovs_fatal(
0,
"usage with ssl: %s REMOTE [SSL_KEY] [SSL_CERT] [SSL_CA]",
argv[0],
)
ovs.stream.SSLStream.ssl_set_ca_cert_file(argv[4])
ovs.stream.SSLStream.ssl_set_certificate_file(argv[3])
ovs.stream.SSLStream.ssl_set_private_key_file(argv[2])
err, stream = ovs.stream.Stream.open_block( err, stream = ovs.stream.Stream.open_block(
ovs.stream.Stream.open(remote), 10000) ovs.stream.Stream.open(remote), 10000)