Re: [Qemu-devel] [PATCH 5/6] tests: add iotests helpers for dealing with
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 5/6] tests: add iotests helpers for dealing with TLS certificates
Date: Fri, 16 Nov 2018 10:39:03 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0

On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
Add helpers to common.tls for creating TLS certificates for a CA,
server and client.
MUCH appreciated! We NEED this coverage, easily automated.
Signed-off-by: Daniel P. Berrangé <address@hidden>
---
tests/qemu-iotests/common.tls | 139 ++++++++++++++++++++++++++++++++++
1 file changed, 139 insertions(+)
create mode 100644 tests/qemu-iotests/common.tls
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls
new file mode 100644
I was a bit surprised that this wasn't 100755, but this matches the fact
that none of the other common.* are executable. And after thinking more,
it makes sense - they aren't standalone scripts, but designed to be
sourced, and 'source' doesn't care about execute bits.
+tls_dir="${TEST_DIR}/tls"
+
+function tls_x509_cleanup()
+{
+ rm -f ${tls_dir}/*.pem
+ rm -f ${tls_dir}/*/*.pem
+ rmdir ${tls_dir}/*
+ rmdir ${tls_dir}
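Review bot: tls_dir is built from ${TEST_DIR} with no check that TEST_DIR is set, so in tls_x509_cleanup an empty or unset TEST_DIR makes the unquoted globs expand as /tls/*.pem and /tls/*/*.pem and the rmdir calls run against /tls. Suggest tls_dir="${TEST_DIR:?}/tls" (or an explicit test before the assignment) so the helpers refuse to run outside the test directory, and quote the variable while leaving the glob outside the quotes, for example rm -f "${tls_dir}"/*.pem.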
Why not just:
rm -rf $tls_dir
Also, the quoting is a bit inconsistent. If ${TEST_DIR} can contain
spaces, then all uses of ${tls_dir} need to be in "".
+}
+
+
+function tls_x509_init()
+{
+ mkdir "${tls_dir}"
And this just highlights the quoting inconsistency. Should this use
mkdir -p?
+
+function tls_x509_create_root_ca()
+{
+ name=$1
+
+ test -z "$name" && name=ca-cert
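Review bot: name in tls_x509_create_root_ca is assigned without local, and because common.tls is sourced into the test rather than executed, the assignment overwrites any variable called name in the calling script. Declare it as a local in the function body; the same applies to caname and name in tls_x509_create_server and tls_x509_create_client.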
Could also be shortened as:
name=${1:-ca-cert}
+
+ cat > ${tls_dir}/ca.info <<EOF
+cn = Cthulu Dark Lord Enterprises $name
s/Cthulu/Cthulhu/ - after all, we don't want him coming after us just
because we botched the spelling of his name :)
+ca
+cert_signing_key
+EOF
+
+ certtool --generate-self-signed \
+ --load-privkey ${tls_dir}/key.pem \
+ --template ${tls_dir}/ca.info \
+ --outfile ${tls_dir}/$name-cert.pem 2>&1 | head -1
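Review bot: piping certtool into head -1 makes the pipeline's exit status that of head (unless pipefail is set), so a failed certificate generation is not detected at this point and only the first line of its output is kept. Suggest capturing the certtool status before filtering the output. Separately, with the default name of ca-cert the --outfile argument expands to ${tls_dir}/ca-cert-cert.pem; if ca-cert.pem was intended, either drop the -cert suffix from the path or change the default to ca.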
More missing ""
+
+ rm -f ${tls_dir}/ca.info
+}
+
+
+function tls_x509_create_server()
+{
+ caname=$1
+ name=$2
+
+ mkdir ${tls_dir}/$name
+ cat > ${tls_dir}/cert.info <<EOF
+organization = Cthulu Dark Lord Enterprises $name
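Review bot: tls_x509_create_server takes caname and name straight from $1 and $2 with no default or check, unlike tls_x509_create_root_ca, so a call with a missing second argument runs mkdir against ${tls_dir}/ itself and then writes cert.info with an empty name in the organization field. Suggest returning an error when either argument is empty, and quoting "${tls_dir}/$name" in the mkdir and the redirection.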
Matched spelling
+function tls_x509_create_client()
+{
+ caname=$1
+ name=$2
+
+ mkdir ${tls_dir}/$name
+ cat > ${tls_dir}/cert.info <<EOF
+country = South Pacific
+locality = R'lyeh
+organization = Cthulu Dark Lord Enterprises $name
And again
Needs several touch-ups, but the idea itself is sound.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org