mirror of https://github.com/openvswitch/ovs synced 2025-08-29 13:27:59 +00:00

stream-ssl: Read existing CA certificate more eagerly during bootstrap.

When do_ca_cert_bootstrap() attempts to bootstrap a CA certificate from a
remote host, it gives up if the CA certificate file already exists.  It
knows that this file did not exist some time earlier (because it checked),
so it logs a warning and just returns.  The next time that
stream_ssl_set_ca_cert_file() gets called, it will read the new CA
certificate file and all will be well.

That works OK in ovsdb-server, which calls stream_ssl_set_ca_cert_file()
every time through its main loop.  It does not work well for ovs-vswitchd,
which only calls that function when it needs to reconfigure.  But it
should work fine to call it directly from do_ca_cert_bootstrap(), so this
commit changes it to do that.

Bug #2635.
This commit is contained in:
Ben Pfaff 2010-04-09 16:01:02 -07:00
parent 6a1f89c86b
commit b84f503d84


@ -334,10 +334,9 @@ do_ca_cert_bootstrap(struct stream *stream)
fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444); fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444);
if (fd < 0) { if (fd < 0) {
if (errno == EEXIST) { if (errno == EEXIST) {
VLOG_INFO("CA cert %s created by another process", VLOG_INFO("reading CA cert %s created by another process",
ca_cert.file_name); ca_cert.file_name);
/* We'll read it the next time around the main loop because stream_ssl_set_ca_cert_file(ca_cert.file_name, true);
* update_ssl_config() will see that it now exists. */
return EPROTO; return EPROTO;
} else { } else {
VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s", VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s",
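Review bot: EEXIST on the O_CREAT | O_EXCL open only proves that another process has created ca_cert.file_name, not that it has finished writing the certificate into it, so the new stream_ssl_set_ca_cert_file(ca_cert.file_name, true) call in this hunk can be handed an empty or partially written file; it is worth confirming that a failed or partial load at this point is harmless and that the EPROTO still returned here leads back into a path that re-reads the file, or otherwise waiting for the writer to finish before reading. The deleted comment ("We'll read it the next time around the main loop ...") was the only explanation of why this branch returns EPROTO, and nothing replaces it; a short comment such as `/* Loaded the CA cert; the caller must still retry this connection with it. */` would tell the next reader that returning an error after a successful read is deliberate.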