[ovs-dev] [PATCH 7/7] vconn: Test SSL vconns too.
Justin Pettit
jpettit at nicira.com
Thu Jan 7 16:00:59 PST 2010
Looks good.
--Justin
On Jan 7, 2010, at 3:01 PM, Ben Pfaff wrote:
> This test should help avoid simple bugs in the SSL vconn and SSL stream
> implementations in the future. It would have found the bugs fixed by
> recent commits.
> ---
> tests/library.at | 3 +-
> tests/test-vconn.c | 227 ++++++++++++++++++++++++---------------------
> tests/testpki-cacert.pem | 70 ++++++++++++++
> tests/testpki-cert.pem | 70 ++++++++++++++
> tests/testpki-privkey.pem | 27 ++++++
> tests/testpki-req.pem | 63 +++++++++++++
> 6 files changed, 352 insertions(+), 108 deletions(-)
> create mode 100644 tests/testpki-cacert.pem
> create mode 100644 tests/testpki-cert.pem
> create mode 100644 tests/testpki-privkey.pem
> create mode 100644 tests/testpki-req.pem
>
> diff --git a/tests/library.at b/tests/library.at
> index ffcd4b8..eab1424 100644
> --- a/tests/library.at
> +++ b/tests/library.at
> @@ -36,5 +36,6 @@ OVS_CHECK_LCOV([test-type-props], [0], [ignore])
> AT_CLEANUP
>
> AT_SETUP([test vconn library])
> -OVS_CHECK_LCOV([test-vconn], [0], [ignore])
> +AT_CHECK([cp $abs_top_srcdir/tests/testpki*.pem .])
> +OVS_CHECK_LCOV([test-vconn], [0], [], [ignore])
> AT_CLEANUP
> diff --git a/tests/test-vconn.c b/tests/test-vconn.c
> index 87e35c4..948f30a 100644
> --- a/tests/test-vconn.c
> +++ b/tests/test-vconn.c
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2009 Nicira Networks.
> + * Copyright (c) 2009, 2010 Nicira Networks.
> *
> * Licensed under the Apache License, Version 2.0 (the "License");
> * you may not use this file except in compliance with the License.
> @@ -23,6 +23,8 @@
> #include <unistd.h>
> #include "poll-loop.h"
> #include "socket-util.h"
> +#include "stream.h"
> +#include "stream-ssl.h"
> #include "timeval.h"
> #include "util.h"
> #include "vlog.h"
> @@ -34,94 +36,82 @@ struct fake_pvconn {
> const char *type;
> char *pvconn_name;
> char *vconn_name;
> - int fd;
> + struct pstream *pstream;
> };
>
> static void
> +check(int a, int b, const char *as, const char *file, int line)
> +{
> + if (a != b) {
> + ovs_fatal(0, "%s:%d: %s is %d but should be %d", file, line, as, a, b);
> + }
> +}
> +
> +
> +#define CHECK(A, B) check(A, B, #A, __FILE__, __LINE__)
> +
> +static void
> +check_errno(int a, int b, const char *as, const char *file, int line)
> +{
> + if (a != b) {
> + ovs_fatal(0, "%s:%d: %s is %d (%s) but should be %d (%s)",
> + file, line, as, a, strerror(abs(a)), b, strerror(abs(b)));
> + }
> +}
> +
> +#define CHECK_ERRNO(A, B) check_errno(A, B, #A, __FILE__, __LINE__)
> +
> +static void
> fpv_create(const char *type, struct fake_pvconn *fpv)
> {
> fpv->type = type;
> if (!strcmp(type, "unix")) {
> static int unix_count = 0;
> char *bind_path;
> - int fd;
>
> bind_path = xasprintf("fake-pvconn.%d", unix_count++);
> - fd = make_unix_socket(SOCK_STREAM, false, false, bind_path, NULL);
> - if (fd < 0) {
> - ovs_fatal(-fd, "%s: could not bind to Unix domain socket",
> - bind_path);
> - }
> -
> fpv->pvconn_name = xasprintf("punix:%s", bind_path);
> fpv->vconn_name = xasprintf("unix:%s", bind_path);
> - fpv->fd = fd;
> + CHECK_ERRNO(pstream_open(fpv->pvconn_name, &fpv->pstream), 0);
> free(bind_path);
> - } else if (!strcmp(type, "tcp")) {
> - struct sockaddr_in sin;
> - socklen_t sin_len;
> - int fd;
> -
> - /* Create TCP socket. */
> - fd = socket(PF_INET, SOCK_STREAM, 0);
> - if (fd < 0) {
> - ovs_fatal(errno, "failed to create TCP socket");
> - }
> + } else if (!strcmp(type, "tcp") || !strcmp(type, "ssl")) {
> + char *s, *method, *port, *save_ptr = NULL;
> + char *open_name;
>
> - /* Bind TCP socket to localhost on any available port. */
> - sin.sin_family = AF_INET;
> - sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
> - sin.sin_port = htons(0);
> - if (bind(fd, (struct sockaddr *) &sin, sizeof sin) < 0) {
> - ovs_fatal(errno, "failed to bind TCP socket");
> - }
> + open_name = xasprintf("p%s:0:127.0.0.1", type);
> + CHECK_ERRNO(pstream_open(open_name, &fpv->pstream), 0);
>
> - /* Retrieve socket's port number. */
> - sin_len = sizeof sin;
> - if (getsockname(fd, (struct sockaddr *)&sin, &sin_len) < 0) {
> - ovs_fatal(errno, "failed to read TCP socket name");
> - }
> - if (sin_len != sizeof sin || sin.sin_family != AF_INET) {
> - ovs_fatal(errno, "bad TCP socket name");
> - }
> + /* Extract bound port number from pstream name. */
> + s = xstrdup(pstream_get_name(fpv->pstream));
> + method = strtok_r(s, ":", &save_ptr);
> + port = strtok_r(NULL, ":", &save_ptr);
>
> /* Save info. */
> - fpv->pvconn_name = xasprintf("ptcp:%"PRIu16":127.0.0.1",
> - ntohs(sin.sin_port));
> - fpv->vconn_name = xasprintf("tcp:127.0.0.1:%"PRIu16,
> - ntohs(sin.sin_port));
> - fpv->fd = fd;
> + fpv->pvconn_name = xstrdup(pstream_get_name(fpv->pstream));
> + fpv->vconn_name = xasprintf("%s:127.0.0.1:%s", type, port);
> +
> + free(open_name);
> + free(s);
> } else {
> abort();
> }
> -
> - /* Listen. */
> - if (listen(fpv->fd, 0) < 0) {
> - ovs_fatal(errno, "%s: listen failed", fpv->vconn_name);
> - }
> }
>
> -static int
> +static struct stream *
> fpv_accept(struct fake_pvconn *fpv)
> {
> - int fd;
> + struct stream *stream;
>
> - fd = accept(fpv->fd, NULL, NULL);
> - if (fd < 0) {
> - ovs_fatal(errno, "%s: accept failed", fpv->pvconn_name);
> - }
> - return fd;
> + CHECK_ERRNO(pstream_accept_block(fpv->pstream, &stream), 0);
> +
> + return stream;
> }
>
> static void
> fpv_close(struct fake_pvconn *fpv)
> {
> - if (fpv->fd >= 0) {
> - if (close(fpv->fd) < 0) {
> - ovs_fatal(errno, "failed to close %s fake pvconn", fpv->type);
> - }
> - fpv->fd = -1;
> - }
> + pstream_close(fpv->pstream);
> + fpv->pstream = NULL;
> }
>
> static void
> @@ -141,10 +131,10 @@ test_refuse_connection(const char *type, int expected_error)
> struct vconn *vconn;
>
> fpv_create(type, &fpv);
> - assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> + CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
> fpv_close(&fpv);
> vconn_run(vconn);
> - assert(vconn_connect(vconn) == expected_error);
> + CHECK_ERRNO(vconn_connect(vconn), expected_error);
> vconn_close(vconn);
> fpv_destroy(&fpv);
> }
> @@ -159,11 +149,11 @@ test_accept_then_close(const char *type, int expected_error)
> struct vconn *vconn;
>
> fpv_create(type, &fpv);
> - assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> + CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
> vconn_run(vconn);
> - close(fpv_accept(&fpv));
> + stream_close(fpv_accept(&fpv));
> fpv_close(&fpv);
> - assert(vconn_connect(vconn) == expected_error);
> + CHECK_ERRNO(vconn_connect(vconn), expected_error);
> vconn_close(vconn);
> fpv_destroy(&fpv);
> }
> @@ -176,37 +166,36 @@ test_read_hello(const char *type, int expected_error)
> {
> struct fake_pvconn fpv;
> struct vconn *vconn;
> - int fd;
> + struct stream *stream;
>
> fpv_create(type, &fpv);
> - assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> + CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
> vconn_run(vconn);
> - fd = fpv_accept(&fpv);
> + stream = fpv_accept(&fpv);
> fpv_destroy(&fpv);
> - assert(!set_nonblocking(fd));
> for (;;) {
> struct ofp_header hello;
> int retval;
>
> - retval = read(fd, &hello, sizeof hello);
> + retval = stream_recv(stream, &hello, sizeof hello);
> if (retval == sizeof hello) {
> - assert(hello.version == OFP_VERSION);
> - assert(hello.type == OFPT_HELLO);
> - assert(hello.length == htons(sizeof hello));
> + CHECK(hello.version, OFP_VERSION);
> + CHECK(hello.type, OFPT_HELLO);
> + CHECK(hello.length, htons(sizeof hello));
> break;
> } else {
> - assert(errno == EAGAIN);
> + CHECK_ERRNO(retval, -EAGAIN);
> }
>
> vconn_run(vconn);
> - assert(vconn_connect(vconn) == EAGAIN);
> + CHECK_ERRNO(vconn_connect(vconn), EAGAIN);
> vconn_run_wait(vconn);
> vconn_connect_wait(vconn);
> - poll_fd_wait(fd, POLLIN);
> + stream_recv_wait(stream);
> poll_block();
> }
> - close(fd);
> - assert(vconn_connect(vconn) == expected_error);
> + stream_close(stream);
> + CHECK_ERRNO(vconn_connect(vconn), expected_error);
> vconn_close(vconn);
> }
>
> @@ -222,30 +211,46 @@ test_send_hello(const char *type, const void *out, size_t out_size,
> struct vconn *vconn;
> bool read_hello, connected;
> struct ofpbuf *msg;
> - int fd;
> + struct stream *stream;
> + size_t n_sent;
>
> fpv_create(type, &fpv);
> - assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> + CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
> vconn_run(vconn);
> - fd = fpv_accept(&fpv);
> + stream = fpv_accept(&fpv);
> fpv_destroy(&fpv);
>
> - assert(write(fd, out, out_size) == out_size);
> -
> - assert(!set_nonblocking(fd));
> + n_sent = 0;
> + while (n_sent < out_size) {
> + int retval;
> +
> + retval = stream_send(stream, (char *) out + n_sent, out_size - n_sent);
> + if (retval > 0) {
> + n_sent += retval;
> + } else if (retval == -EAGAIN) {
> + stream_run(stream);
> + vconn_run(vconn);
> + stream_recv_wait(stream);
> + vconn_connect_wait(vconn);
> + vconn_run_wait(vconn);
> + poll_block();
> + } else {
> + ovs_fatal(0, "stream_send returned unexpected value %d", retval);
> + }
> + }
>
> read_hello = connected = false;
> for (;;) {
> if (!read_hello) {
> struct ofp_header hello;
> - int retval = read(fd, &hello, sizeof hello);
> + int retval = stream_recv(stream, &hello, sizeof hello);
> if (retval == sizeof hello) {
> - assert(hello.version == OFP_VERSION);
> - assert(hello.type == OFPT_HELLO);
> - assert(hello.length == htons(sizeof hello));
> + CHECK(hello.version, OFP_VERSION);
> + CHECK(hello.type, OFPT_HELLO);
> + CHECK(hello.length, htons(sizeof hello));
> read_hello = true;
> } else {
> - assert(errno == EAGAIN);
> + CHECK_ERRNO(retval, -EAGAIN);
> }
> }
>
> @@ -256,12 +261,12 @@ test_send_hello(const char *type, const void *out, size_t out_size,
> if (!error) {
> connected = true;
> } else {
> - close(fd);
> + stream_close(stream);
> vconn_close(vconn);
> return;
> }
> } else {
> - assert(error == EAGAIN);
> + CHECK_ERRNO(error, EAGAIN);
> }
> }
>
> @@ -274,12 +279,12 @@ test_send_hello(const char *type, const void *out, size_t out_size,
> vconn_connect_wait(vconn);
> }
> if (!read_hello) {
> - poll_fd_wait(fd, POLLIN);
> + stream_recv_wait(stream);
> }
> poll_block();
> }
> - close(fd);
> - assert(vconn_recv(vconn, &msg) == EOF);
> + stream_close(stream);
> + CHECK_ERRNO(vconn_recv(vconn, &msg), EOF);
> vconn_close(vconn);
> }
>
> @@ -360,33 +365,41 @@ main(int argc UNUSED, char *argv[])
> time_init();
> vlog_init();
> signal(SIGPIPE, SIG_IGN);
> - vlog_set_levels(VLM_ANY_MODULE, VLF_ANY_FACILITY, VLL_EMER);
>
> time_alarm(10);
>
> test_refuse_connection("unix", EPIPE);
> - test_refuse_connection("tcp", ECONNRESET);
> -
> test_accept_then_close("unix", EPIPE);
> - test_accept_then_close("tcp", ECONNRESET);
> -
> test_read_hello("unix", ECONNRESET);
> - test_read_hello("tcp", ECONNRESET);
> -
> test_send_plain_hello("unix");
> - test_send_plain_hello("tcp");
> -
> test_send_long_hello("unix");
> - test_send_long_hello("tcp");
> -
> test_send_echo_hello("unix");
> - test_send_echo_hello("tcp");
> -
> test_send_short_hello("unix");
> - test_send_short_hello("tcp");
> -
> test_send_invalid_version_hello("unix");
> +
> + test_accept_then_close("tcp", ECONNRESET);
> + test_refuse_connection("tcp", ECONNRESET);
> + test_read_hello("tcp", ECONNRESET);
> + test_send_plain_hello("tcp");
> + test_send_long_hello("tcp");
> + test_send_echo_hello("tcp");
> + test_send_short_hello("tcp");
> test_send_invalid_version_hello("tcp");
>
> +#ifdef HAVE_OPENSSL
> + stream_ssl_set_private_key_file("testpki-privkey.pem");
> + stream_ssl_set_certificate_file("testpki-cert.pem");
> + stream_ssl_set_ca_cert_file("testpki-cacert.pem", false);
> +
> + test_accept_then_close("ssl", EPROTO);
> + test_refuse_connection("ssl", ECONNRESET);
> + test_read_hello("ssl", ECONNRESET);
> + test_send_plain_hello("ssl");
> + test_send_long_hello("ssl");
> + test_send_echo_hello("ssl");
> + test_send_short_hello("ssl");
> + test_send_invalid_version_hello("ssl");
> +#endif /* HAVE_OPENSSL */
> +
> return 0;
> }
> diff --git a/tests/testpki-cacert.pem b/tests/testpki-cacert.pem
> new file mode 100644
> index 0000000..e888505
> --- /dev/null
> +++ b/tests/testpki-cacert.pem
> @@ -0,0 +1,70 @@
> +Certificate:
> + Data:
> + Version: 1 (0x0)
> + Serial Number: 1 (0x1)
> + Signature Algorithm: md5WithRSAEncryption
> + Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30)
> + Validity
> + Not Before: Jan 7 01:08:32 2010 GMT
> + Not After : Jan 7 01:08:32 2016 GMT
> + Subject: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30)
> + Subject Public Key Info:
> + Public Key Algorithm: rsaEncryption
> + RSA Public Key: (2048 bit)
> + Modulus (2048 bit):
> + 00:cc:b2:25:ba:07:b8:d6:e1:23:20:1e:41:a1:49:
> + 35:68:09:71:19:ef:68:a0:45:e0:bd:33:41:0d:2b:
> + b7:7d:33:16:57:d4:16:da:ba:a0:7e:ae:9c:76:5b:
> + 92:93:96:a9:5b:bd:6f:b3:fd:6a:62:b9:10:46:98:
> + d9:b4:ea:ab:99:f3:72:4b:d1:11:81:77:75:09:be:
> + fd:9f:55:f7:6c:78:0a:b1:9d:f8:c5:c5:a0:de:05:
> + 0d:78:62:66:ed:b1:0f:b3:9a:69:fd:13:9f:43:a7:
> + aa:e4:3c:a1:63:68:46:c2:a1:56:56:eb:62:b5:0e:
> + 2b:be:7b:8e:c9:aa:c2:6f:04:af:7b:5a:ed:4b:16:
> + fb:47:4d:45:81:d8:b8:2e:08:21:a7:4d:cc:78:9b:
> + b0:b0:a0:18:91:53:ab:64:c3:eb:66:74:93:cc:8a:
> + b4:40:c5:4e:2e:cc:c5:63:c0:6b:2d:6e:cd:b9:1c:
> + a9:45:ad:82:0a:d2:1f:5d:84:bc:29:a1:82:0d:75:
> + 1c:1a:21:8b:15:03:88:94:e5:89:ed:48:22:e0:7e:
> + b9:15:f1:13:fb:6c:a2:48:c7:2d:e5:01:04:b7:23:
> + 6a:06:45:7b:e3:14:59:ac:1d:87:e6:a5:ec:7c:86:
> + 80:17:64:71:a0:43:27:27:f5:2c:bd:34:60:c7:a1:
> + 22:3f
> + Exponent: 65537 (0x10001)
> + Signature Algorithm: md5WithRSAEncryption
> + c7:85:13:17:b6:ca:c8:1b:8a:8e:eb:3b:64:05:e4:d5:a2:2c:
> + 6b:ee:83:d8:e0:67:f9:99:59:15:59:9d:6d:16:c0:6b:c3:ed:
> + 61:31:0a:40:1b:63:1d:57:a5:67:3d:46:55:6b:9f:ed:18:79:
> + 45:fc:db:d9:48:d2:86:0f:aa:e0:43:18:3f:f4:e3:71:a3:28:
> + d4:00:ae:7c:0e:91:2c:5b:5b:ff:be:ad:b6:4b:b7:0e:e3:ea:
> + 7a:66:69:6c:83:90:0c:59:c1:d7:4d:1a:b9:69:0d:ac:6e:07:
> + b3:42:3c:3e:54:ac:85:c5:58:67:51:2a:c0:05:1f:70:6a:07:
> + 86:2c:42:56:ee:3b:69:7b:db:35:e6:c6:5b:eb:25:66:ca:89:
> + bb:d7:37:ae:d2:b9:e8:56:38:a2:ec:ff:45:38:97:ae:43:20:
> + c8:55:c9:c8:0f:45:37:70:97:b9:8a:2e:56:52:6f:20:f3:08:
> + b7:1a:26:98:b9:d9:7d:52:69:b3:95:2b:c5:4e:0c:7b:fd:cd:
> + 6a:a2:23:cf:eb:ee:de:74:17:0b:cc:a3:91:f1:41:0b:1e:94:
> + e2:ea:52:85:c1:3d:de:f9:e6:44:5a:f6:fe:7d:2f:fb:6f:60:
> + 89:2c:f0:0c:c7:c7:fb:6f:23:4d:a1:18:89:28:ea:61:f4:3a:
> + 9d:ca:1f:60
> +-----BEGIN CERTIFICATE-----
> +MIIDeDCCAmACAQEwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
> +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
> +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDEwIEph
> +biAwNiAxNzowODozMCkwHhcNMTAwMTA3MDEwODMyWhcNMTYwMTA3MDEwODMyWjCB
> +gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
> +Y2gxETAPBgNVBAsTCHN3aXRjaGNhMTswOQYDVQQDEzJPVlMgc3dpdGNoY2EgQ0Eg
> +Q2VydGlmaWNhdGUgKDIwMTAgSmFuIDA2IDE3OjA4OjMwKTCCASIwDQYJKoZIhvcN
> +AQEBBQADggEPADCCAQoCggEBAMyyJboHuNbhIyAeQaFJNWgJcRnvaKBF4L0zQQ0r
> +t30zFlfUFtq6oH6unHZbkpOWqVu9b7P9amK5EEaY2bTqq5nzckvREYF3dQm+/Z9V
> +92x4CrGd+MXFoN4FDXhiZu2xD7Oaaf0Tn0OnquQ8oWNoRsKhVlbrYrUOK757jsmq
> +wm8Er3ta7UsW+0dNRYHYuC4IIadNzHibsLCgGJFTq2TD62Z0k8yKtEDFTi7MxWPA
> +ay1uzbkcqUWtggrSH12EvCmhgg11HBohixUDiJTlie1IIuB+uRXxE/tsokjHLeUB
> +BLcjagZFe+MUWawdh+al7HyGgBdkcaBDJyf1LL00YMehIj8CAwEAATANBgkqhkiG
> +9w0BAQQFAAOCAQEAx4UTF7bKyBuKjus7ZAXk1aIsa+6D2OBn+ZlZFVmdbRbAa8Pt
> +YTEKQBtjHVelZz1GVWuf7Rh5Rfzb2UjShg+q4EMYP/TjcaMo1ACufA6RLFtb/76t
> +tku3DuPqemZpbIOQDFnB100auWkNrG4Hs0I8PlSshcVYZ1EqwAUfcGoHhixCVu47
> +aXvbNebGW+slZsqJu9c3rtK56FY4ouz/RTiXrkMgyFXJyA9FN3CXuYouVlJvIPMI
> +txommLnZfVJps5UrxU4Me/3NaqIjz+vu3nQXC8yjkfFBCx6U4upShcE93vnmRFr2
> +/n0v+29giSzwDMfH+28jTaEYiSjqYfQ6ncofYA==
> +-----END CERTIFICATE-----
> diff --git a/tests/testpki-cert.pem b/tests/testpki-cert.pem
> new file mode 100644
> index 0000000..75d815d
> --- /dev/null
> +++ b/tests/testpki-cert.pem
> @@ -0,0 +1,70 @@
> +Certificate:
> + Data:
> + Version: 1 (0x0)
> + Serial Number: 2 (0x2)
> + Signature Algorithm: md5WithRSAEncryption
> + Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30)
> + Validity
> + Not Before: Jan 7 01:08:59 2010 GMT
> + Not After : Jan 7 01:08:59 2011 GMT
> + Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=Open vSwitch certificate for testpki
> + Subject Public Key Info:
> + Public Key Algorithm: rsaEncryption
> + RSA Public Key: (2048 bit)
> + Modulus (2048 bit):
> + 00:ac:3f:c6:b1:ef:a3:e3:68:98:2c:91:a1:3a:21:
> + 02:38:87:5b:75:7a:1c:17:c9:b0:64:a9:f7:80:17:
> + 08:0f:b5:25:b4:46:80:6b:7e:92:ab:f8:93:05:17:
> + 77:e4:12:86:eb:54:5d:a7:a0:45:70:16:5e:d7:4f:
> + 6b:7c:9f:fe:83:a4:c1:62:83:33:71:6f:4f:4e:68:
> + 84:a6:92:a5:77:8f:ad:cd:ee:bf:61:72:24:c0:64:
> + df:73:98:de:37:6b:b8:4d:78:f4:ba:06:95:64:ef:
> + 82:b1:2f:71:01:44:ca:3c:de:fa:32:28:b6:ea:72:
> + 7b:4d:d6:a0:fb:4b:73:de:a9:7f:25:ad:20:02:3d:
> + 5f:7f:7f:8e:91:34:97:0a:10:96:be:3d:ee:37:5b:
> + a9:91:9e:7f:d5:ac:7b:e3:56:47:a4:14:15:dd:48:
> + ce:32:6f:c4:83:09:07:31:bb:34:77:4d:f7:12:70:
> + 86:b8:b2:64:16:3b:ea:d2:72:e0:73:6b:6f:ce:59:
> + cf:56:6d:a8:94:3c:10:d7:47:7e:b2:91:9d:c7:65:
> + 23:8a:b1:ca:9c:15:36:c5:d9:db:b1:e7:b8:1f:09:
> + 20:1d:da:97:de:93:7c:e2:5d:94:ea:38:d8:ce:60:
> + c9:9e:43:da:6d:9d:c9:d2:a0:e9:6d:5a:9b:57:53:
> + 86:7d
> + Exponent: 65537 (0x10001)
> + Signature Algorithm: md5WithRSAEncryption
> + 19:a9:2a:66:fc:09:78:c9:87:e6:73:be:9a:d2:b7:87:07:7b:
> + 93:70:04:cd:f2:c9:47:a3:8f:9f:c4:af:92:ef:cf:07:d3:83:
> + 90:f7:8a:f0:55:f6:8a:2e:af:57:b9:e4:9c:72:37:b7:af:12:
> + fb:dc:07:9b:94:7b:18:c8:53:86:6d:02:77:eb:e3:ac:21:e1:
> + 6d:b5:fe:04:6b:a1:d2:78:a6:58:4b:5d:a7:17:e1:3b:d9:94:
> + ab:81:5e:c1:9a:b5:34:a5:a7:9a:2b:1b:74:d7:a4:aa:fa:81:
> + 5c:e5:5f:1a:07:54:36:21:76:04:a9:5e:11:38:46:b8:1c:11:
> + 15:78:f8:0c:31:8d:9a:a3:e4:d0:72:a8:29:80:c2:3d:9d:f6:
> + 61:dd:ca:c9:6c:7e:ca:c0:0d:61:28:4d:3e:ea:51:9d:c2:c4:
> + 7c:47:da:cc:24:35:9c:2a:0d:ac:ea:5f:33:5a:ab:b7:94:cb:
> + 3f:91:38:92:a3:62:3b:40:ef:79:55:96:b3:24:5a:19:a2:53:
> + 99:63:f9:85:d4:b6:48:b8:9a:f8:bc:b7:74:f8:cf:95:dc:1a:
> + f2:66:cd:2b:4b:d4:c1:19:69:77:f9:f6:08:04:61:cd:80:ee:
> + 46:44:27:82:49:60:a9:be:4b:51:75:ca:15:16:0b:97:c2:2f:
> + 26:f2:dd:42
> +-----BEGIN CERTIFICATE-----
> +MIIDeDCCAmACAQIwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
> +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
> +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDEwIEph
> +biAwNiAxNzowODozMCkwHhcNMTAwMTA3MDEwODU5WhcNMTEwMTA3MDEwODU5WjCB
> +gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
> +Y2gxHzAdBgNVBAsTFk9wZW4gdlN3aXRjaCBjZXJ0aWZpZXIxLTArBgNVBAMTJE9w
> +ZW4gdlN3aXRjaCBjZXJ0aWZpY2F0ZSBmb3IgdGVzdHBraTCCASIwDQYJKoZIhvcN
> +AQEBBQADggEPADCCAQoCggEBAKw/xrHvo+NomCyRoTohAjiHW3V6HBfJsGSp94AX
> +CA+1JbRGgGt+kqv4kwUXd+QShutUXaegRXAWXtdPa3yf/oOkwWKDM3FvT05ohKaS
> +pXePrc3uv2FyJMBk33OY3jdruE149LoGlWTvgrEvcQFEyjze+jIotupye03WoPtL
> +c96pfyWtIAI9X39/jpE0lwoQlr497jdbqZGef9Wse+NWR6QUFd1IzjJvxIMJBzG7
> +NHdN9xJwhriyZBY76tJy4HNrb85Zz1ZtqJQ8ENdHfrKRncdlI4qxypwVNsXZ27Hn
> +uB8JIB3al96TfOJdlOo42M5gyZ5D2m2dydKg6W1am1dThn0CAwEAATANBgkqhkiG
> +9w0BAQQFAAOCAQEAGakqZvwJeMmH5nO+mtK3hwd7k3AEzfLJR6OPn8Svku/PB9OD
> +kPeK8FX2ii6vV7nknHI3t68S+9wHm5R7GMhThm0Cd+vjrCHhbbX+BGuh0nimWEtd
> +pxfhO9mUq4FewZq1NKWnmisbdNekqvqBXOVfGgdUNiF2BKleEThGuBwRFXj4DDGN
> +mqPk0HKoKYDCPZ32Yd3KyWx+ysANYShNPupRncLEfEfazCQ1nCoNrOpfM1qrt5TL
> +P5E4kqNiO0DveVWWsyRaGaJTmWP5hdS2SLia+Ly3dPjPldwa8mbNK0vUwRlpd/n2
> +CARhzYDuRkQngklgqb5LUXXKFRYLl8IvJvLdQg==
> +-----END CERTIFICATE-----
> diff --git a/tests/testpki-privkey.pem b/tests/testpki-privkey.pem
> new file mode 100644
> index 0000000..759f58a
> --- /dev/null
> +++ b/tests/testpki-privkey.pem
> @@ -0,0 +1,27 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIIEpAIBAAKCAQEArD/Gse+j42iYLJGhOiECOIdbdXocF8mwZKn3gBcID7UltEaA
> +a36Sq/iTBRd35BKG61Rdp6BFcBZe109rfJ/+g6TBYoMzcW9PTmiEppKld4+tze6/
> +YXIkwGTfc5jeN2u4TXj0ugaVZO+CsS9xAUTKPN76Mii26nJ7Tdag+0tz3ql/Ja0g
> +Aj1ff3+OkTSXChCWvj3uN1upkZ5/1ax741ZHpBQV3UjOMm/EgwkHMbs0d033EnCG
> +uLJkFjvq0nLgc2tvzlnPVm2olDwQ10d+spGdx2UjirHKnBU2xdnbsee4HwkgHdqX
> +3pN84l2U6jjYzmDJnkPabZ3J0qDpbVqbV1OGfQIDAQABAoIBADr/MSAa82hdl9mU
> +G8PcMHWKLxJCu8KOC0O/T41o1hMDOaHQkAXBeZ07a6fPzPmqOtn5sIZMh9wHXX6j
> +ri4mYrdWRAJo68LLnD8/30dqbRBRfvdM8fH/dYUMR9jBIEOdOqgWaMQaoyrKOlpT
> +5IHJvPcybEGn3lbY1VDo1YSc6Ff36AGLdORVH8dY9tYx/IKbyzRmDvzai6EVSDtl
> +yp2zinXRNJ+AVwB0epsKbOVZa0WaYN1KclqOtFn7xANoUvy5YBHZDedC3yWxuZvZ
> +dNeTjUniauukz7ivKg9/rWZFfYZ2251mrOfO9aIHOUzBurbDS/rzjVgwQmv483T9
> +2cDL/IUCgYEA3tXDA0Mcv1d7IzP6A4CQ6o49JyWVkMHxKkhZy1cR+pBRc7tgpQrF
> +YrtEWdsDvUJLGMUQBmm7VMpMjTRQ/YuBcdIB2USkJcDHPaZRAA1mlDPG6cSsy7yI
> +d2qZFOOkUEjLqKicxiHTrCOz9HBb1McolTo9h5SdfBy5bHb9LPul3E8CgYEAxeKk
> +L3m1C1rFVpVF8zoHF+zK3/d9zwzdLzmFfFrKqzIT3/6cJKEwHLJN69mja60+MKLZ
> +6F1G+R4/JxE8TnCSXHh7UYULhyFolZaWwZn5xVld0210QU+f4EBUZMt4bZjDxEyr
> +/vxDZaqu7SB5Mmqq++C9YzdeIk1GGJ0TE2MmwXMCgYEAuPJ+ayS2pXD8ONmY9nMs
> +1CC+TNF686ykd02ZiZV4zJgfooiwzArGjQ2Uy2dmER0Gq0ZT6J605skJBGGZnva8
> +tzVwZ137R4JbW6XAsORucS8QN1IPgQG32jVVXOsbo67nqdJYXHIS91qir4zaCx5J
> +ZqHyE6ebljlZBNc1hrJOlS0CgYEAhoc/626oYCHDistMlMBcVi2K9pwAkaRDMnm+
> +f/4RTjVrQZqMeHKEjN3DD5YT/X33i4UK82eGepHPiTW0c/cf6XGXFKKIZcOWoCuS
> +LegJ39qTaMs+f7AsFn5lYWjaZFe4r1kYjO7eut1AssCi5F2UBEyTNEJN4q/5+X2/
> +nCyKCnUCgYBzxbUnJBhuA8ivNb/lXdGCvqnBaZb1Bjb+Ljv0yDhMVEJwKpGpm5H3
> +DySodzklBrU+eL9TLPcFM6N+okmDsMQqUygUJ1PXLRZKnpLVRILmHcMWbgCrbw4Q
> +pd22A01NncdtPY2107ZeVZnjzqHF+5CXxMlKBl4QG07KFtzbNOcQuA==
> +-----END RSA PRIVATE KEY-----
> diff --git a/tests/testpki-req.pem b/tests/testpki-req.pem
> new file mode 100644
> index 0000000..da53b10
> --- /dev/null
> +++ b/tests/testpki-req.pem
> @@ -0,0 +1,63 @@
> +Certificate Request:
> + Data:
> + Version: 0 (0x0)
> + Subject: C=US, ST=CA, L=Palo Alto, O=Open vSwitch, OU=Open vSwitch certifier, CN=Open vSwitch certificate for testpki
> + Subject Public Key Info:
> + Public Key Algorithm: rsaEncryption
> + RSA Public Key: (2048 bit)
> + Modulus (2048 bit):
> + 00:ac:3f:c6:b1:ef:a3:e3:68:98:2c:91:a1:3a:21:
> + 02:38:87:5b:75:7a:1c:17:c9:b0:64:a9:f7:80:17:
> + 08:0f:b5:25:b4:46:80:6b:7e:92:ab:f8:93:05:17:
> + 77:e4:12:86:eb:54:5d:a7:a0:45:70:16:5e:d7:4f:
> + 6b:7c:9f:fe:83:a4:c1:62:83:33:71:6f:4f:4e:68:
> + 84:a6:92:a5:77:8f:ad:cd:ee:bf:61:72:24:c0:64:
> + df:73:98:de:37:6b:b8:4d:78:f4:ba:06:95:64:ef:
> + 82:b1:2f:71:01:44:ca:3c:de:fa:32:28:b6:ea:72:
> + 7b:4d:d6:a0:fb:4b:73:de:a9:7f:25:ad:20:02:3d:
> + 5f:7f:7f:8e:91:34:97:0a:10:96:be:3d:ee:37:5b:
> + a9:91:9e:7f:d5:ac:7b:e3:56:47:a4:14:15:dd:48:
> + ce:32:6f:c4:83:09:07:31:bb:34:77:4d:f7:12:70:
> + 86:b8:b2:64:16:3b:ea:d2:72:e0:73:6b:6f:ce:59:
> + cf:56:6d:a8:94:3c:10:d7:47:7e:b2:91:9d:c7:65:
> + 23:8a:b1:ca:9c:15:36:c5:d9:db:b1:e7:b8:1f:09:
> + 20:1d:da:97:de:93:7c:e2:5d:94:ea:38:d8:ce:60:
> + c9:9e:43:da:6d:9d:c9:d2:a0:e9:6d:5a:9b:57:53:
> + 86:7d
> + Exponent: 65537 (0x10001)
> + Attributes:
> + a0:00
> + Signature Algorithm: sha1WithRSAEncryption
> + 21:46:4c:7a:a9:da:58:cf:ee:d3:0a:81:ee:cd:bf:73:cf:05:
> + 93:2b:ef:f5:c7:7d:5e:96:a5:82:d2:62:34:26:8f:1e:f6:db:
> + 6f:0e:05:39:a5:3c:df:bb:51:02:2f:bc:5b:a8:a0:a5:5e:ce:
> + e4:55:21:73:92:1d:bf:53:a4:f5:dc:7e:0e:f8:b1:05:57:3d:
> + 0c:04:5e:a6:35:c6:ae:81:59:6c:28:c5:19:4b:8c:da:dd:1e:
> + 97:51:bf:8b:f8:21:dc:c9:23:07:7a:66:66:fc:e2:b6:c6:e7:
> + f3:b4:e4:3e:7e:be:72:3e:3a:65:98:f1:6c:4f:79:8a:3c:11:
> + 59:3d:9f:28:c8:80:eb:9d:e3:1d:6c:4e:b7:59:4e:48:b9:f8:
> + 87:cf:35:13:f8:15:d3:6f:fb:1c:89:6f:ec:2c:24:5c:7b:9f:
> + fa:f0:a9:61:7b:4d:ab:40:84:dc:f8:5a:13:13:7a:b2:f4:09:
> + 36:95:76:1d:c8:d8:33:eb:67:c8:c9:a9:de:98:9a:77:33:46:
> + 83:37:19:60:d0:38:6f:dd:39:14:d7:a0:74:40:91:1f:60:bc:
> + 0b:f8:ca:81:7d:88:67:c7:89:cf:4c:c5:95:65:66:f5:c2:98:
> + 29:77:a2:93:b6:37:55:cc:f4:85:01:58:30:30:54:9a:c4:57:
> + 35:e4:21:bd
> +-----BEGIN CERTIFICATE REQUEST-----
> +MIIC2zCCAcMCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UE
> +BxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxPcGVuIHZTd2l0Y2gxHzAdBgNVBAsTFk9w
> +ZW4gdlN3aXRjaCBjZXJ0aWZpZXIxLTArBgNVBAMTJE9wZW4gdlN3aXRjaCBjZXJ0
> +aWZpY2F0ZSBmb3IgdGVzdHBraTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
> +ggEBAKw/xrHvo+NomCyRoTohAjiHW3V6HBfJsGSp94AXCA+1JbRGgGt+kqv4kwUX
> +d+QShutUXaegRXAWXtdPa3yf/oOkwWKDM3FvT05ohKaSpXePrc3uv2FyJMBk33OY
> +3jdruE149LoGlWTvgrEvcQFEyjze+jIotupye03WoPtLc96pfyWtIAI9X39/jpE0
> +lwoQlr497jdbqZGef9Wse+NWR6QUFd1IzjJvxIMJBzG7NHdN9xJwhriyZBY76tJy
> +4HNrb85Zz1ZtqJQ8ENdHfrKRncdlI4qxypwVNsXZ27HnuB8JIB3al96TfOJdlOo4
> +2M5gyZ5D2m2dydKg6W1am1dThn0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAh
> +Rkx6qdpYz+7TCoHuzb9zzwWTK+/1x31elqWC0mI0Jo8e9ttvDgU5pTzfu1ECL7xb
> +qKClXs7kVSFzkh2/U6T13H4O+LEFVz0MBF6mNcaugVlsKMUZS4za3R6XUb+L+CHc
> +ySMHemZm/OK2xufztOQ+fr5yPjplmPFsT3mKPBFZPZ8oyIDrneMdbE63WU5IufiH
> +zzUT+BXTb/sciW/sLCRce5/68Klhe02rQITc+FoTE3qy9Ak2lXYdyNgz62fIyane
> +mJp3M0aDNxlg0Dhv3TkU16B0QJEfYLwL+MqBfYhnx4nPTMWVZWb1wpgpd6KTtjdV
> +zPSFAVgwMFSaxFc15CG9
> +-----END CERTIFICATE REQUEST-----
> --
> 1.6.3.3
>
>
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
More information about the dev
mailing list