From b84f503d84d0268c17d5887c6526a3aaee56795c Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Fri, 9 Apr 2010 16:01:02 -0700 Subject: [PATCH] stream-ssl: Read existing CA certificate more eagerly during bootstrap. When do_ca_cert_bootstrap() attempts to bootstrap a CA certificate from a remote host, it gives up if the CA certificate file already exists. It knows that this file did not exist some time earlier (because it checked), so it logged a warning and just returns. The next time that stream_ssl_set_ca_cert_file() gets called, it will read the new CA certificate file and all will be well. That works OK in ovsdb-server, which calls stream_ssl_set_ca_cert_file() every time through its main loop. It does not work well for ovs-vswitchd, which only calls that function when it needs to reconfigure. But it should work fine to call it directly from do_ca_cert_bootstrap(), so this commit changes it to do that. Bug #2635. --- lib/stream-ssl.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/stream-ssl.c b/lib/stream-ssl.c index 215934d16..830b482f4 100644 --- a/lib/stream-ssl.c +++ b/lib/stream-ssl.c @@ -334,10 +334,9 @@ do_ca_cert_bootstrap(struct stream *stream) fd = open(ca_cert.file_name, O_CREAT | O_EXCL | O_WRONLY, 0444); if (fd < 0) { if (errno == EEXIST) { - VLOG_INFO("CA cert %s created by another process", + VLOG_INFO("reading CA cert %s created by another process", ca_cert.file_name); - /* We'll read it the next time around the main loop because - * update_ssl_config() will see that it now exists. */ + stream_ssl_set_ca_cert_file(ca_cert.file_name, true); return EPROTO; } else { VLOG_ERR("could not bootstrap CA cert: creating %s failed: %s", -- 2.43.0
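Review bot: In the EEXIST branch, the new stream_ssl_set_ca_cert_file(ca_cert.file_name, true) call reads the file as soon as open() reports that it exists, but O_CREAT | O_EXCL failing with EEXIST only shows that another process has created the file, not that it has finished writing the certificate into it. The removed comment documented the old deferral to the next main-loop pass; the replacement line carries no comment. Please add one that states why the second argument is true here, why the function still returns EPROTO after loading the certificate, and what happens if the read sees an empty or partially written file (for example, whether the next connection attempt retries). It is also worth confirming that passing ca_cert.file_name into a function that sets the CA certificate file name is safe if that function replaces the stored name before it finishes using the argument.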