[ovs-dev] [PATCH 7/7] vconn: Test SSL vconns too.

Justin Pettit jpettit at nicira.com
Thu Jan 7 16:00:59 PST 2010


Looks good.

--Justin


On Jan 7, 2010, at 3:01 PM, Ben Pfaff wrote:

> This test should help avoid simple bugs in the SSL vconn and SSL stream
> implementations in the future.  It would have found the bugs fixed by
> recent commits.
> ---
> tests/library.at          |    3 +-
> tests/test-vconn.c        |  227 ++++++++++++++++++++++++---------------------
> tests/testpki-cacert.pem  |   70 ++++++++++++++
> tests/testpki-cert.pem    |   70 ++++++++++++++
> tests/testpki-privkey.pem |   27 ++++++
> tests/testpki-req.pem     |   63 +++++++++++++
> 6 files changed, 352 insertions(+), 108 deletions(-)
> create mode 100644 tests/testpki-cacert.pem
> create mode 100644 tests/testpki-cert.pem
> create mode 100644 tests/testpki-privkey.pem
> create mode 100644 tests/testpki-req.pem
> 
> diff --git a/tests/library.at b/tests/library.at
> index ffcd4b8..eab1424 100644
> --- a/tests/library.at
> +++ b/tests/library.at
> @@ -36,5 +36,6 @@ OVS_CHECK_LCOV([test-type-props], [0], [ignore])
> AT_CLEANUP
> 
> AT_SETUP([test vconn library])
> -OVS_CHECK_LCOV([test-vconn], [0], [ignore])
> +AT_CHECK([cp $abs_top_srcdir/tests/testpki*.pem .])
> +OVS_CHECK_LCOV([test-vconn], [0], [], [ignore])
> AT_CLEANUP
> diff --git a/tests/test-vconn.c b/tests/test-vconn.c
> index 87e35c4..948f30a 100644
> --- a/tests/test-vconn.c
> +++ b/tests/test-vconn.c
> @@ -1,5 +1,5 @@
> /*
> - * Copyright (c) 2009 Nicira Networks.
> + * Copyright (c) 2009, 2010 Nicira Networks.
>  *
>  * Licensed under the Apache License, Version 2.0 (the "License");
>  * you may not use this file except in compliance with the License.
> @@ -23,6 +23,8 @@
> #include <unistd.h>
> #include "poll-loop.h"
> #include "socket-util.h"
> +#include "stream.h"
> +#include "stream-ssl.h"
> #include "timeval.h"
> #include "util.h"
> #include "vlog.h"
> @@ -34,94 +36,82 @@ struct fake_pvconn {
>     const char *type;
>     char *pvconn_name;
>     char *vconn_name;
> -    int fd;
> +    struct pstream *pstream;
> };
> 
> static void
> +check(int a, int b, const char *as, const char *file, int line)
> +{
> +    if (a != b) {
> +        ovs_fatal(0, "%s:%d: %s is %d but should be %d", file, line, as, a, b);
> +    }
> +}
> +
> +
> +#define CHECK(A, B) check(A, B, #A, __FILE__, __LINE__)
> +
> +static void
> +check_errno(int a, int b, const char *as, const char *file, int line)
> +{
> +    if (a != b) {
> +        ovs_fatal(0, "%s:%d: %s is %d (%s) but should be %d (%s)",
> +                  file, line, as, a, strerror(abs(a)), b, strerror(abs(b)));
> +    }
> +}
> +
> +#define CHECK_ERRNO(A, B) check_errno(A, B, #A, __FILE__, __LINE__)
> +
> +static void
> fpv_create(const char *type, struct fake_pvconn *fpv)
> {
>     fpv->type = type;
>     if (!strcmp(type, "unix")) {
>         static int unix_count = 0;
>         char *bind_path;
> -        int fd;
> 
>         bind_path = xasprintf("fake-pvconn.%d", unix_count++);
> -        fd = make_unix_socket(SOCK_STREAM, false, false, bind_path, NULL);
> -        if (fd < 0) {
> -            ovs_fatal(-fd, "%s: could not bind to Unix domain socket",
> -                      bind_path);
> -        }
> -
>         fpv->pvconn_name = xasprintf("punix:%s", bind_path);
>         fpv->vconn_name = xasprintf("unix:%s", bind_path);
> -        fpv->fd = fd;
> +        CHECK_ERRNO(pstream_open(fpv->pvconn_name, &fpv->pstream), 0);
>         free(bind_path);
> -    } else if (!strcmp(type, "tcp")) {
> -        struct sockaddr_in sin;
> -        socklen_t sin_len;
> -        int fd;
> -
> -        /* Create TCP socket. */
> -        fd = socket(PF_INET, SOCK_STREAM, 0);
> -        if (fd < 0) {
> -            ovs_fatal(errno, "failed to create TCP socket");
> -        }
> +    } else if (!strcmp(type, "tcp") || !strcmp(type, "ssl")) {
> +        char *s, *method, *port, *save_ptr = NULL;
> +        char *open_name;
> 
> -        /* Bind TCP socket to localhost on any available port. */
> -        sin.sin_family = AF_INET;
> -        sin.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
> -        sin.sin_port = htons(0);
> -        if (bind(fd, (struct sockaddr *) &sin, sizeof sin) < 0) {
> -            ovs_fatal(errno, "failed to bind TCP socket");
> -        }
> +        open_name = xasprintf("p%s:0:127.0.0.1", type);
> +        CHECK_ERRNO(pstream_open(open_name, &fpv->pstream), 0);
> 
> -        /* Retrieve socket's port number. */
> -        sin_len = sizeof sin;
> -        if (getsockname(fd, (struct sockaddr *)&sin, &sin_len) < 0) {
> -            ovs_fatal(errno, "failed to read TCP socket name");
> -        }
> -        if (sin_len != sizeof sin || sin.sin_family != AF_INET) {
> -            ovs_fatal(errno, "bad TCP socket name");
> -        }
> +        /* Extract bound port number from pstream name. */
> +        s = xstrdup(pstream_get_name(fpv->pstream));
> +        method = strtok_r(s, ":", &save_ptr);
> +        port = strtok_r(NULL, ":", &save_ptr);
> 
>         /* Save info. */
> -        fpv->pvconn_name = xasprintf("ptcp:%"PRIu16":127.0.0.1",
> -                                    ntohs(sin.sin_port));
> -        fpv->vconn_name = xasprintf("tcp:127.0.0.1:%"PRIu16,
> -                                    ntohs(sin.sin_port));
> -        fpv->fd = fd;
> +        fpv->pvconn_name = xstrdup(pstream_get_name(fpv->pstream));
> +        fpv->vconn_name = xasprintf("%s:127.0.0.1:%s", type, port);
> +
> +        free(open_name);
> +        free(s);
>     } else {
>         abort();
>     }
> -
> -    /* Listen. */
> -    if (listen(fpv->fd, 0) < 0) {
> -        ovs_fatal(errno, "%s: listen failed", fpv->vconn_name);
> -    }
> }
> 
> -static int
> +static struct stream *
> fpv_accept(struct fake_pvconn *fpv)
> {
> -    int fd;
> +    struct stream *stream;
> 
> -    fd = accept(fpv->fd, NULL, NULL);
> -    if (fd < 0) {
> -        ovs_fatal(errno, "%s: accept failed", fpv->pvconn_name);
> -    }
> -    return fd;
> +    CHECK_ERRNO(pstream_accept_block(fpv->pstream, &stream), 0);
> +
> +    return stream;
> }
> 
> static void
> fpv_close(struct fake_pvconn *fpv)
> {
> -    if (fpv->fd >= 0) {
> -        if (close(fpv->fd) < 0) {
> -            ovs_fatal(errno, "failed to close %s fake pvconn", fpv->type);
> -        }
> -        fpv->fd = -1;
> -    }
> +    pstream_close(fpv->pstream);
> +    fpv->pstream = NULL;
> }
> 
> static void
> @@ -141,10 +131,10 @@ test_refuse_connection(const char *type, int expected_error)
>     struct vconn *vconn;
> 
>     fpv_create(type, &fpv);
> -    assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> +    CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
>     fpv_close(&fpv);
>     vconn_run(vconn);
> -    assert(vconn_connect(vconn) == expected_error);
> +    CHECK_ERRNO(vconn_connect(vconn), expected_error);
>     vconn_close(vconn);
>     fpv_destroy(&fpv);
> }
> @@ -159,11 +149,11 @@ test_accept_then_close(const char *type, int expected_error)
>     struct vconn *vconn;
> 
>     fpv_create(type, &fpv);
> -    assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> +    CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
>     vconn_run(vconn);
> -    close(fpv_accept(&fpv));
> +    stream_close(fpv_accept(&fpv));
>     fpv_close(&fpv);
> -    assert(vconn_connect(vconn) == expected_error);
> +    CHECK_ERRNO(vconn_connect(vconn), expected_error);
>     vconn_close(vconn);
>     fpv_destroy(&fpv);
> }
> @@ -176,37 +166,36 @@ test_read_hello(const char *type, int expected_error)
> {
>     struct fake_pvconn fpv;
>     struct vconn *vconn;
> -    int fd;
> +    struct stream *stream;
> 
>     fpv_create(type, &fpv);
> -    assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> +    CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
>     vconn_run(vconn);
> -    fd = fpv_accept(&fpv);
> +    stream = fpv_accept(&fpv);
>     fpv_destroy(&fpv);
> -    assert(!set_nonblocking(fd));
>     for (;;) {
>        struct ofp_header hello;
>        int retval;
> 
> -       retval = read(fd, &hello, sizeof hello);
> +       retval = stream_recv(stream, &hello, sizeof hello);
>        if (retval == sizeof hello) {
> -           assert(hello.version == OFP_VERSION);
> -           assert(hello.type == OFPT_HELLO);
> -           assert(hello.length == htons(sizeof hello));
> +           CHECK(hello.version, OFP_VERSION);
> +           CHECK(hello.type, OFPT_HELLO);
> +           CHECK(hello.length, htons(sizeof hello));
>            break;
>        } else {
> -           assert(errno == EAGAIN);
> +           CHECK_ERRNO(retval, -EAGAIN);
>        }
> 
>        vconn_run(vconn);
> -       assert(vconn_connect(vconn) == EAGAIN);
> +       CHECK_ERRNO(vconn_connect(vconn), EAGAIN);
>        vconn_run_wait(vconn);
>        vconn_connect_wait(vconn);
> -       poll_fd_wait(fd, POLLIN);
> +       stream_recv_wait(stream);
>        poll_block();
>     }
> -    close(fd);
> -    assert(vconn_connect(vconn) == expected_error);
> +    stream_close(stream);
> +    CHECK_ERRNO(vconn_connect(vconn), expected_error);
>     vconn_close(vconn);
> }
> 
> @@ -222,30 +211,46 @@ test_send_hello(const char *type, const void *out, size_t out_size,
>     struct vconn *vconn;
>     bool read_hello, connected;
>     struct ofpbuf *msg;
> -    int fd;
> +    struct stream *stream;
> +    size_t n_sent;
> 
>     fpv_create(type, &fpv);
> -    assert(!vconn_open(fpv.vconn_name, OFP_VERSION, &vconn));
> +    CHECK_ERRNO(vconn_open(fpv.vconn_name, OFP_VERSION, &vconn), 0);
>     vconn_run(vconn);
> -    fd = fpv_accept(&fpv);
> +    stream = fpv_accept(&fpv);
>     fpv_destroy(&fpv);
> 
> -    assert(write(fd, out, out_size) == out_size);
> -
> -    assert(!set_nonblocking(fd));
> +    n_sent = 0;
> +    while (n_sent < out_size) {
> +        int retval;
> +
> +        retval = stream_send(stream, (char *) out + n_sent, out_size - n_sent);
> +        if (retval > 0) {
> +            n_sent += retval;
> +        } else if (retval == -EAGAIN) {
> +            stream_run(stream);
> +            vconn_run(vconn);
> +            stream_recv_wait(stream);
> +            vconn_connect_wait(vconn);
> +            vconn_run_wait(vconn);
> +            poll_block();
> +        } else {
> +            ovs_fatal(0, "stream_send returned unexpected value %d", retval);
> +        }
> +    }
> 
>     read_hello = connected = false;
>     for (;;) {
>        if (!read_hello) {
>            struct ofp_header hello;
> -           int retval = read(fd, &hello, sizeof hello);
> +           int retval = stream_recv(stream, &hello, sizeof hello);
>            if (retval == sizeof hello) {
> -               assert(hello.version == OFP_VERSION);
> -               assert(hello.type == OFPT_HELLO);
> -               assert(hello.length == htons(sizeof hello));
> +               CHECK(hello.version, OFP_VERSION);
> +               CHECK(hello.type, OFPT_HELLO);
> +               CHECK(hello.length, htons(sizeof hello));
>                read_hello = true;
>            } else {
> -               assert(errno == EAGAIN);
> +               CHECK_ERRNO(retval, -EAGAIN);
>            }
>        }
> 
> @@ -256,12 +261,12 @@ test_send_hello(const char *type, const void *out, size_t out_size,
>                if (!error) {
>                    connected = true;
>                } else {
> -                   close(fd);
> +                   stream_close(stream);
>                    vconn_close(vconn);
>                    return;
>                }
>            } else {
> -               assert(error == EAGAIN);
> +               CHECK_ERRNO(error, EAGAIN);
>            }
>        }
> 
> @@ -274,12 +279,12 @@ test_send_hello(const char *type, const void *out, size_t out_size,
>            vconn_connect_wait(vconn);
>        }
>        if (!read_hello) {
> -           poll_fd_wait(fd, POLLIN);
> +           stream_recv_wait(stream);
>        }
>        poll_block();
>     }
> -    close(fd);
> -    assert(vconn_recv(vconn, &msg) == EOF);
> +    stream_close(stream);
> +    CHECK_ERRNO(vconn_recv(vconn, &msg), EOF);
>     vconn_close(vconn);
> }
> 
> @@ -360,33 +365,41 @@ main(int argc UNUSED, char *argv[])
>     time_init();
>     vlog_init();
>     signal(SIGPIPE, SIG_IGN);
> -    vlog_set_levels(VLM_ANY_MODULE, VLF_ANY_FACILITY, VLL_EMER);
> 
>     time_alarm(10);
> 
>     test_refuse_connection("unix", EPIPE);
> -    test_refuse_connection("tcp", ECONNRESET);
> -
>     test_accept_then_close("unix", EPIPE);
> -    test_accept_then_close("tcp", ECONNRESET);
> -
>     test_read_hello("unix", ECONNRESET);
> -    test_read_hello("tcp", ECONNRESET);
> -
>     test_send_plain_hello("unix");
> -    test_send_plain_hello("tcp");
> -
>     test_send_long_hello("unix");
> -    test_send_long_hello("tcp");
> -
>     test_send_echo_hello("unix");
> -    test_send_echo_hello("tcp");
> -
>     test_send_short_hello("unix");
> -    test_send_short_hello("tcp");
> -
>     test_send_invalid_version_hello("unix");
> +
> +    test_accept_then_close("tcp", ECONNRESET);
> +    test_refuse_connection("tcp", ECONNRESET);
> +    test_read_hello("tcp", ECONNRESET);
> +    test_send_plain_hello("tcp");
> +    test_send_long_hello("tcp");
> +    test_send_echo_hello("tcp");
> +    test_send_short_hello("tcp");
>     test_send_invalid_version_hello("tcp");
> 
> +#ifdef HAVE_OPENSSL
> +    stream_ssl_set_private_key_file("testpki-privkey.pem");
> +    stream_ssl_set_certificate_file("testpki-cert.pem");
> +    stream_ssl_set_ca_cert_file("testpki-cacert.pem", false);
> +
> +    test_accept_then_close("ssl", EPROTO);
> +    test_refuse_connection("ssl", ECONNRESET);
> +    test_read_hello("ssl", ECONNRESET);
> +    test_send_plain_hello("ssl");
> +    test_send_long_hello("ssl");
> +    test_send_echo_hello("ssl");
> +    test_send_short_hello("ssl");
> +    test_send_invalid_version_hello("ssl");
> +#endif  /* HAVE_OPENSSL */
> +
>     return 0;
> }
> diff --git a/tests/testpki-cacert.pem b/tests/testpki-cacert.pem
> new file mode 100644
> index 0000000..e888505
> --- /dev/null
> +++ b/tests/testpki-cacert.pem
> @@ -0,0 +1,70 @@
> +Certificate:
> +    Data:
> +        Version: 1 (0x0)
> +        Serial Number: 1 (0x1)
> +        Signature Algorithm: md5WithRSAEncryption
> +        Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30)
> +        Validity
> +            Not Before: Jan  7 01:08:32 2010 GMT
> +            Not After : Jan  7 01:08:32 2016 GMT
> +        Subject: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30)
> +        Subject Public Key Info:
> +            Public Key Algorithm: rsaEncryption
> +            RSA Public Key: (2048 bit)
> +                Modulus (2048 bit):
> +                    00:cc:b2:25:ba:07:b8:d6:e1:23:20:1e:41:a1:49:
> +                    35:68:09:71:19:ef:68:a0:45:e0:bd:33:41:0d:2b:
> +                    b7:7d:33:16:57:d4:16:da:ba:a0:7e:ae:9c:76:5b:
> +                    92:93:96:a9:5b:bd:6f:b3:fd:6a:62:b9:10:46:98:
> +                    d9:b4:ea:ab:99:f3:72:4b:d1:11:81:77:75:09:be:
> +                    fd:9f:55:f7:6c:78:0a:b1:9d:f8:c5:c5:a0:de:05:
> +                    0d:78:62:66:ed:b1:0f:b3:9a:69:fd:13:9f:43:a7:
> +                    aa:e4:3c:a1:63:68:46:c2:a1:56:56:eb:62:b5:0e:
> +                    2b:be:7b:8e:c9:aa:c2:6f:04:af:7b:5a:ed:4b:16:
> +                    fb:47:4d:45:81:d8:b8:2e:08:21:a7:4d:cc:78:9b:
> +                    b0:b0:a0:18:91:53:ab:64:c3:eb:66:74:93:cc:8a:
> +                    b4:40:c5:4e:2e:cc:c5:63:c0:6b:2d:6e:cd:b9:1c:
> +                    a9:45:ad:82:0a:d2:1f:5d:84:bc:29:a1:82:0d:75:
> +                    1c:1a:21:8b:15:03:88:94:e5:89:ed:48:22:e0:7e:
> +                    b9:15:f1:13:fb:6c:a2:48:c7:2d:e5:01:04:b7:23:
> +                    6a:06:45:7b:e3:14:59:ac:1d:87:e6:a5:ec:7c:86:
> +                    80:17:64:71:a0:43:27:27:f5:2c:bd:34:60:c7:a1:
> +                    22:3f
> +                Exponent: 65537 (0x10001)
> +    Signature Algorithm: md5WithRSAEncryption
> +        c7:85:13:17:b6:ca:c8:1b:8a:8e:eb:3b:64:05:e4:d5:a2:2c:
> +        6b:ee:83:d8:e0:67:f9:99:59:15:59:9d:6d:16:c0:6b:c3:ed:
> +        61:31:0a:40:1b:63:1d:57:a5:67:3d:46:55:6b:9f:ed:18:79:
> +        45:fc:db:d9:48:d2:86:0f:aa:e0:43:18:3f:f4:e3:71:a3:28:
> +        d4:00:ae:7c:0e:91:2c:5b:5b:ff:be:ad:b6:4b:b7:0e:e3:ea:
> +        7a:66:69:6c:83:90:0c:59:c1:d7:4d:1a:b9:69:0d:ac:6e:07:
> +        b3:42:3c:3e:54:ac:85:c5:58:67:51:2a:c0:05:1f:70:6a:07:
> +        86:2c:42:56:ee:3b:69:7b:db:35:e6:c6:5b:eb:25:66:ca:89:
> +        bb:d7:37:ae:d2:b9:e8:56:38:a2:ec:ff:45:38:97:ae:43:20:
> +        c8:55:c9:c8:0f:45:37:70:97:b9:8a:2e:56:52:6f:20:f3:08:
> +        b7:1a:26:98:b9:d9:7d:52:69:b3:95:2b:c5:4e:0c:7b:fd:cd:
> +        6a:a2:23:cf:eb:ee:de:74:17:0b:cc:a3:91:f1:41:0b:1e:94:
> +        e2:ea:52:85:c1:3d:de:f9:e6:44:5a:f6:fe:7d:2f:fb:6f:60:
> +        89:2c:f0:0c:c7:c7:fb:6f:23:4d:a1:18:89:28:ea:61:f4:3a:
> +        9d:ca:1f:60
> +-----BEGIN CERTIFICATE-----
> +MIIDeDCCAmACAQEwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
> +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
> +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDEwIEph
> +biAwNiAxNzowODozMCkwHhcNMTAwMTA3MDEwODMyWhcNMTYwMTA3MDEwODMyWjCB
> +gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
> +Y2gxETAPBgNVBAsTCHN3aXRjaGNhMTswOQYDVQQDEzJPVlMgc3dpdGNoY2EgQ0Eg
> +Q2VydGlmaWNhdGUgKDIwMTAgSmFuIDA2IDE3OjA4OjMwKTCCASIwDQYJKoZIhvcN
> +AQEBBQADggEPADCCAQoCggEBAMyyJboHuNbhIyAeQaFJNWgJcRnvaKBF4L0zQQ0r
> +t30zFlfUFtq6oH6unHZbkpOWqVu9b7P9amK5EEaY2bTqq5nzckvREYF3dQm+/Z9V
> +92x4CrGd+MXFoN4FDXhiZu2xD7Oaaf0Tn0OnquQ8oWNoRsKhVlbrYrUOK757jsmq
> +wm8Er3ta7UsW+0dNRYHYuC4IIadNzHibsLCgGJFTq2TD62Z0k8yKtEDFTi7MxWPA
> +ay1uzbkcqUWtggrSH12EvCmhgg11HBohixUDiJTlie1IIuB+uRXxE/tsokjHLeUB
> +BLcjagZFe+MUWawdh+al7HyGgBdkcaBDJyf1LL00YMehIj8CAwEAATANBgkqhkiG
> +9w0BAQQFAAOCAQEAx4UTF7bKyBuKjus7ZAXk1aIsa+6D2OBn+ZlZFVmdbRbAa8Pt
> +YTEKQBtjHVelZz1GVWuf7Rh5Rfzb2UjShg+q4EMYP/TjcaMo1ACufA6RLFtb/76t
> +tku3DuPqemZpbIOQDFnB100auWkNrG4Hs0I8PlSshcVYZ1EqwAUfcGoHhixCVu47
> +aXvbNebGW+slZsqJu9c3rtK56FY4ouz/RTiXrkMgyFXJyA9FN3CXuYouVlJvIPMI
> +txommLnZfVJps5UrxU4Me/3NaqIjz+vu3nQXC8yjkfFBCx6U4upShcE93vnmRFr2
> +/n0v+29giSzwDMfH+28jTaEYiSjqYfQ6ncofYA==
> +-----END CERTIFICATE-----
> diff --git a/tests/testpki-cert.pem b/tests/testpki-cert.pem
> new file mode 100644
> index 0000000..75d815d
> --- /dev/null
> +++ b/tests/testpki-cert.pem
> @@ -0,0 +1,70 @@
> +Certificate:
> +    Data:
> +        Version: 1 (0x0)
> +        Serial Number: 2 (0x2)
> +        Signature Algorithm: md5WithRSAEncryption
> +        Issuer: C=US, ST=CA, O=Open vSwitch, OU=switchca, CN=OVS switchca CA Certificate (2010 Jan 06 17:08:30)
> +        Validity
> +            Not Before: Jan  7 01:08:59 2010 GMT
> +            Not After : Jan  7 01:08:59 2011 GMT
> +        Subject: C=US, ST=CA, O=Open vSwitch, OU=Open vSwitch certifier, CN=Open vSwitch certificate for testpki
> +        Subject Public Key Info:
> +            Public Key Algorithm: rsaEncryption
> +            RSA Public Key: (2048 bit)
> +                Modulus (2048 bit):
> +                    00:ac:3f:c6:b1:ef:a3:e3:68:98:2c:91:a1:3a:21:
> +                    02:38:87:5b:75:7a:1c:17:c9:b0:64:a9:f7:80:17:
> +                    08:0f:b5:25:b4:46:80:6b:7e:92:ab:f8:93:05:17:
> +                    77:e4:12:86:eb:54:5d:a7:a0:45:70:16:5e:d7:4f:
> +                    6b:7c:9f:fe:83:a4:c1:62:83:33:71:6f:4f:4e:68:
> +                    84:a6:92:a5:77:8f:ad:cd:ee:bf:61:72:24:c0:64:
> +                    df:73:98:de:37:6b:b8:4d:78:f4:ba:06:95:64:ef:
> +                    82:b1:2f:71:01:44:ca:3c:de:fa:32:28:b6:ea:72:
> +                    7b:4d:d6:a0:fb:4b:73:de:a9:7f:25:ad:20:02:3d:
> +                    5f:7f:7f:8e:91:34:97:0a:10:96:be:3d:ee:37:5b:
> +                    a9:91:9e:7f:d5:ac:7b:e3:56:47:a4:14:15:dd:48:
> +                    ce:32:6f:c4:83:09:07:31:bb:34:77:4d:f7:12:70:
> +                    86:b8:b2:64:16:3b:ea:d2:72:e0:73:6b:6f:ce:59:
> +                    cf:56:6d:a8:94:3c:10:d7:47:7e:b2:91:9d:c7:65:
> +                    23:8a:b1:ca:9c:15:36:c5:d9:db:b1:e7:b8:1f:09:
> +                    20:1d:da:97:de:93:7c:e2:5d:94:ea:38:d8:ce:60:
> +                    c9:9e:43:da:6d:9d:c9:d2:a0:e9:6d:5a:9b:57:53:
> +                    86:7d
> +                Exponent: 65537 (0x10001)
> +    Signature Algorithm: md5WithRSAEncryption
> +        19:a9:2a:66:fc:09:78:c9:87:e6:73:be:9a:d2:b7:87:07:7b:
> +        93:70:04:cd:f2:c9:47:a3:8f:9f:c4:af:92:ef:cf:07:d3:83:
> +        90:f7:8a:f0:55:f6:8a:2e:af:57:b9:e4:9c:72:37:b7:af:12:
> +        fb:dc:07:9b:94:7b:18:c8:53:86:6d:02:77:eb:e3:ac:21:e1:
> +        6d:b5:fe:04:6b:a1:d2:78:a6:58:4b:5d:a7:17:e1:3b:d9:94:
> +        ab:81:5e:c1:9a:b5:34:a5:a7:9a:2b:1b:74:d7:a4:aa:fa:81:
> +        5c:e5:5f:1a:07:54:36:21:76:04:a9:5e:11:38:46:b8:1c:11:
> +        15:78:f8:0c:31:8d:9a:a3:e4:d0:72:a8:29:80:c2:3d:9d:f6:
> +        61:dd:ca:c9:6c:7e:ca:c0:0d:61:28:4d:3e:ea:51:9d:c2:c4:
> +        7c:47:da:cc:24:35:9c:2a:0d:ac:ea:5f:33:5a:ab:b7:94:cb:
> +        3f:91:38:92:a3:62:3b:40:ef:79:55:96:b3:24:5a:19:a2:53:
> +        99:63:f9:85:d4:b6:48:b8:9a:f8:bc:b7:74:f8:cf:95:dc:1a:
> +        f2:66:cd:2b:4b:d4:c1:19:69:77:f9:f6:08:04:61:cd:80:ee:
> +        46:44:27:82:49:60:a9:be:4b:51:75:ca:15:16:0b:97:c2:2f:
> +        26:f2:dd:42
> +-----BEGIN CERTIFICATE-----
> +MIIDeDCCAmACAQIwDQYJKoZIhvcNAQEEBQAwgYExCzAJBgNVBAYTAlVTMQswCQYD
> +VQQIEwJDQTEVMBMGA1UEChMMT3BlbiB2U3dpdGNoMREwDwYDVQQLEwhzd2l0Y2hj
> +YTE7MDkGA1UEAxMyT1ZTIHN3aXRjaGNhIENBIENlcnRpZmljYXRlICgyMDEwIEph
> +biAwNiAxNzowODozMCkwHhcNMTAwMTA3MDEwODU5WhcNMTEwMTA3MDEwODU5WjCB
> +gTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRUwEwYDVQQKEwxPcGVuIHZTd2l0
> +Y2gxHzAdBgNVBAsTFk9wZW4gdlN3aXRjaCBjZXJ0aWZpZXIxLTArBgNVBAMTJE9w
> +ZW4gdlN3aXRjaCBjZXJ0aWZpY2F0ZSBmb3IgdGVzdHBraTCCASIwDQYJKoZIhvcN
> +AQEBBQADggEPADCCAQoCggEBAKw/xrHvo+NomCyRoTohAjiHW3V6HBfJsGSp94AX
> +CA+1JbRGgGt+kqv4kwUXd+QShutUXaegRXAWXtdPa3yf/oOkwWKDM3FvT05ohKaS
> +pXePrc3uv2FyJMBk33OY3jdruE149LoGlWTvgrEvcQFEyjze+jIotupye03WoPtL
> +c96pfyWtIAI9X39/jpE0lwoQlr497jdbqZGef9Wse+NWR6QUFd1IzjJvxIMJBzG7
> +NHdN9xJwhriyZBY76tJy4HNrb85Zz1ZtqJQ8ENdHfrKRncdlI4qxypwVNsXZ27Hn
> +uB8JIB3al96TfOJdlOo42M5gyZ5D2m2dydKg6W1am1dThn0CAwEAATANBgkqhkiG
> +9w0BAQQFAAOCAQEAGakqZvwJeMmH5nO+mtK3hwd7k3AEzfLJR6OPn8Svku/PB9OD
> +kPeK8FX2ii6vV7nknHI3t68S+9wHm5R7GMhThm0Cd+vjrCHhbbX+BGuh0nimWEtd
> +pxfhO9mUq4FewZq1NKWnmisbdNekqvqBXOVfGgdUNiF2BKleEThGuBwRFXj4DDGN
> +mqPk0HKoKYDCPZ32Yd3KyWx+ysANYShNPupRncLEfEfazCQ1nCoNrOpfM1qrt5TL
> +P5E4kqNiO0DveVWWsyRaGaJTmWP5hdS2SLia+Ly3dPjPldwa8mbNK0vUwRlpd/n2
> +CARhzYDuRkQngklgqb5LUXXKFRYLl8IvJvLdQg==
> +-----END CERTIFICATE-----
> diff --git a/tests/testpki-privkey.pem b/tests/testpki-privkey.pem
> new file mode 100644
> index 0000000..759f58a
> --- /dev/null
> +++ b/tests/testpki-privkey.pem
> @@ -0,0 +1,27 @@
> +-----BEGIN RSA PRIVATE KEY-----
> +MIIEpAIBAAKCAQEArD/Gse+j42iYLJGhOiECOIdbdXocF8mwZKn3gBcID7UltEaA
> +a36Sq/iTBRd35BKG61Rdp6BFcBZe109rfJ/+g6TBYoMzcW9PTmiEppKld4+tze6/
> +YXIkwGTfc5jeN2u4TXj0ugaVZO+CsS9xAUTKPN76Mii26nJ7Tdag+0tz3ql/Ja0g
> +Aj1ff3+OkTSXChCWvj3uN1upkZ5/1ax741ZHpBQV3UjOMm/EgwkHMbs0d033EnCG
> +uLJkFjvq0nLgc2tvzlnPVm2olDwQ10d+spGdx2UjirHKnBU2xdnbsee4HwkgHdqX
> +3pN84l2U6jjYzmDJnkPabZ3J0qDpbVqbV1OGfQIDAQABAoIBADr/MSAa82hdl9mU
> +G8PcMHWKLxJCu8KOC0O/T41o1hMDOaHQkAXBeZ07a6fPzPmqOtn5sIZMh9wHXX6j
> +ri4mYrdWRAJo68LLnD8/30dqbRBRfvdM8fH/dYUMR9jBIEOdOqgWaMQaoyrKOlpT
> +5IHJvPcybEGn3lbY1VDo1YSc6Ff36AGLdORVH8dY9tYx/IKbyzRmDvzai6EVSDtl
> +yp2zinXRNJ+AVwB0epsKbOVZa0WaYN1KclqOtFn7xANoUvy5YBHZDedC3yWxuZvZ
> +dNeTjUniauukz7ivKg9/rWZFfYZ2251mrOfO9aIHOUzBurbDS/rzjVgwQmv483T9
> +2cDL/IUCgYEA3tXDA0Mcv1d7IzP6A4CQ6o49JyWVkMHxKkhZy1cR+pBRc7tgpQrF
> +YrtEWdsDvUJLGMUQBmm7VMpMjTRQ/YuBcdIB2USkJcDHPaZRAA1mlDPG6cSsy7yI
> +d2qZFOOkUEjLqKicxiHTrCOz9HBb1McolTo9h5SdfBy5bHb9LPul3E8CgYEAxeKk
> +L3m1C1rFVpVF8zoHF+zK3/d9zwzdLzmFfFrKqzIT3/6cJKEwHLJN69mja60+MKLZ
> +6F1G+R4/JxE8TnCSXHh7UYULhyFolZaWwZn5xVld0210QU+f4EBUZMt4bZjDxEyr
> +/vxDZaqu7SB5Mmqq++C9YzdeIk1GGJ0TE2MmwXMCgYEAuPJ+ayS2pXD8ONmY9nMs
> +1CC+TNF686ykd02ZiZV4zJgfooiwzArGjQ2Uy2dmER0Gq0ZT6J605skJBGGZnva8
> +tzVwZ137R4JbW6XAsORucS8QN1IPgQG32jVVXOsbo67nqdJYXHIS91qir4zaCx5J
> +ZqHyE6ebljlZBNc1hrJOlS0CgYEAhoc/626oYCHDistMlMBcVi2K9pwAkaRDMnm+
> +f/4RTjVrQZqMeHKEjN3DD5YT/X33i4UK82eGepHPiTW0c/cf6XGXFKKIZcOWoCuS
> +LegJ39qTaMs+f7AsFn5lYWjaZFe4r1kYjO7eut1AssCi5F2UBEyTNEJN4q/5+X2/
> +nCyKCnUCgYBzxbUnJBhuA8ivNb/lXdGCvqnBaZb1Bjb+Ljv0yDhMVEJwKpGpm5H3
> +DySodzklBrU+eL9TLPcFM6N+okmDsMQqUygUJ1PXLRZKnpLVRILmHcMWbgCrbw4Q
> +pd22A01NncdtPY2107ZeVZnjzqHF+5CXxMlKBl4QG07KFtzbNOcQuA==
> +-----END RSA PRIVATE KEY-----
> diff --git a/tests/testpki-req.pem b/tests/testpki-req.pem
> new file mode 100644
> index 0000000..da53b10
> --- /dev/null
> +++ b/tests/testpki-req.pem
> @@ -0,0 +1,63 @@
> +Certificate Request:
> +    Data:
> +        Version: 0 (0x0)
> +        Subject: C=US, ST=CA, L=Palo Alto, O=Open vSwitch, OU=Open vSwitch certifier, CN=Open vSwitch certificate for testpki
> +        Subject Public Key Info:
> +            Public Key Algorithm: rsaEncryption
> +            RSA Public Key: (2048 bit)
> +                Modulus (2048 bit):
> +                    00:ac:3f:c6:b1:ef:a3:e3:68:98:2c:91:a1:3a:21:
> +                    02:38:87:5b:75:7a:1c:17:c9:b0:64:a9:f7:80:17:
> +                    08:0f:b5:25:b4:46:80:6b:7e:92:ab:f8:93:05:17:
> +                    77:e4:12:86:eb:54:5d:a7:a0:45:70:16:5e:d7:4f:
> +                    6b:7c:9f:fe:83:a4:c1:62:83:33:71:6f:4f:4e:68:
> +                    84:a6:92:a5:77:8f:ad:cd:ee:bf:61:72:24:c0:64:
> +                    df:73:98:de:37:6b:b8:4d:78:f4:ba:06:95:64:ef:
> +                    82:b1:2f:71:01:44:ca:3c:de:fa:32:28:b6:ea:72:
> +                    7b:4d:d6:a0:fb:4b:73:de:a9:7f:25:ad:20:02:3d:
> +                    5f:7f:7f:8e:91:34:97:0a:10:96:be:3d:ee:37:5b:
> +                    a9:91:9e:7f:d5:ac:7b:e3:56:47:a4:14:15:dd:48:
> +                    ce:32:6f:c4:83:09:07:31:bb:34:77:4d:f7:12:70:
> +                    86:b8:b2:64:16:3b:ea:d2:72:e0:73:6b:6f:ce:59:
> +                    cf:56:6d:a8:94:3c:10:d7:47:7e:b2:91:9d:c7:65:
> +                    23:8a:b1:ca:9c:15:36:c5:d9:db:b1:e7:b8:1f:09:
> +                    20:1d:da:97:de:93:7c:e2:5d:94:ea:38:d8:ce:60:
> +                    c9:9e:43:da:6d:9d:c9:d2:a0:e9:6d:5a:9b:57:53:
> +                    86:7d
> +                Exponent: 65537 (0x10001)
> +        Attributes:
> +            a0:00
> +    Signature Algorithm: sha1WithRSAEncryption
> +        21:46:4c:7a:a9:da:58:cf:ee:d3:0a:81:ee:cd:bf:73:cf:05:
> +        93:2b:ef:f5:c7:7d:5e:96:a5:82:d2:62:34:26:8f:1e:f6:db:
> +        6f:0e:05:39:a5:3c:df:bb:51:02:2f:bc:5b:a8:a0:a5:5e:ce:
> +        e4:55:21:73:92:1d:bf:53:a4:f5:dc:7e:0e:f8:b1:05:57:3d:
> +        0c:04:5e:a6:35:c6:ae:81:59:6c:28:c5:19:4b:8c:da:dd:1e:
> +        97:51:bf:8b:f8:21:dc:c9:23:07:7a:66:66:fc:e2:b6:c6:e7:
> +        f3:b4:e4:3e:7e:be:72:3e:3a:65:98:f1:6c:4f:79:8a:3c:11:
> +        59:3d:9f:28:c8:80:eb:9d:e3:1d:6c:4e:b7:59:4e:48:b9:f8:
> +        87:cf:35:13:f8:15:d3:6f:fb:1c:89:6f:ec:2c:24:5c:7b:9f:
> +        fa:f0:a9:61:7b:4d:ab:40:84:dc:f8:5a:13:13:7a:b2:f4:09:
> +        36:95:76:1d:c8:d8:33:eb:67:c8:c9:a9:de:98:9a:77:33:46:
> +        83:37:19:60:d0:38:6f:dd:39:14:d7:a0:74:40:91:1f:60:bc:
> +        0b:f8:ca:81:7d:88:67:c7:89:cf:4c:c5:95:65:66:f5:c2:98:
> +        29:77:a2:93:b6:37:55:cc:f4:85:01:58:30:30:54:9a:c4:57:
> +        35:e4:21:bd
> +-----BEGIN CERTIFICATE REQUEST-----
> +MIIC2zCCAcMCAQAwgZUxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTESMBAGA1UE
> +BxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxPcGVuIHZTd2l0Y2gxHzAdBgNVBAsTFk9w
> +ZW4gdlN3aXRjaCBjZXJ0aWZpZXIxLTArBgNVBAMTJE9wZW4gdlN3aXRjaCBjZXJ0
> +aWZpY2F0ZSBmb3IgdGVzdHBraTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
> +ggEBAKw/xrHvo+NomCyRoTohAjiHW3V6HBfJsGSp94AXCA+1JbRGgGt+kqv4kwUX
> +d+QShutUXaegRXAWXtdPa3yf/oOkwWKDM3FvT05ohKaSpXePrc3uv2FyJMBk33OY
> +3jdruE149LoGlWTvgrEvcQFEyjze+jIotupye03WoPtLc96pfyWtIAI9X39/jpE0
> +lwoQlr497jdbqZGef9Wse+NWR6QUFd1IzjJvxIMJBzG7NHdN9xJwhriyZBY76tJy
> +4HNrb85Zz1ZtqJQ8ENdHfrKRncdlI4qxypwVNsXZ27HnuB8JIB3al96TfOJdlOo4
> +2M5gyZ5D2m2dydKg6W1am1dThn0CAwEAAaAAMA0GCSqGSIb3DQEBBQUAA4IBAQAh
> +Rkx6qdpYz+7TCoHuzb9zzwWTK+/1x31elqWC0mI0Jo8e9ttvDgU5pTzfu1ECL7xb
> +qKClXs7kVSFzkh2/U6T13H4O+LEFVz0MBF6mNcaugVlsKMUZS4za3R6XUb+L+CHc
> +ySMHemZm/OK2xufztOQ+fr5yPjplmPFsT3mKPBFZPZ8oyIDrneMdbE63WU5IufiH
> +zzUT+BXTb/sciW/sLCRce5/68Klhe02rQITc+FoTE3qy9Ak2lXYdyNgz62fIyane
> +mJp3M0aDNxlg0Dhv3TkU16B0QJEfYLwL+MqBfYhnx4nPTMWVZWb1wpgpd6KTtjdV
> +zPSFAVgwMFSaxFc15CG9
> +-----END CERTIFICATE REQUEST-----
> -- 
> 1.6.3.3
> 
> 
> _______________________________________________
> dev mailing list
> dev at openvswitch.org
> http://openvswitch.org/mailman/listinfo/dev_openvswitch.org





More information about the dev mailing list