diff options
author | Mark Gray <mark.d.gray@redhat.com> | 2020-12-24 07:59:38 -0500 |
---|---|---|
committer | Ilya Maximets <i.maximets@ovn.org> | 2021-01-05 19:34:10 +0100 |
commit | 6d2a5be5f67024bc133a090e792f816f9dd8c030 (patch) | |
tree | 3ad2ea2e5b5545d98f7100605fcb3947e85f281a /ipsec | |
parent | 1d4190c1ee165ab012ecb9882217151b09d3a85d (diff) | |
download | openvswitch-6d2a5be5f67024bc133a090e792f816f9dd8c030.tar.gz |
ovs-monitor-ipsec: set correct 'leftcert' and 'rightcert' name.
In Libreswan case, 'ovs-monitor-ipsec' incorrectly configures
'leftcert' and 'rightcert' names for self-signed certificates.
This patch resolves that.
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=1906280
Signed-off-by: Mark Gray <mark.d.gray@redhat.com>
Acked-by: Eelco Chaudron <echaudro@redhat.com>
Acked-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
Diffstat (limited to 'ipsec')
-rwxr-xr-x | ipsec/ovs-monitor-ipsec.in | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in index 5561657ab..b72d562c7 100755 --- a/ipsec/ovs-monitor-ipsec.in +++ b/ipsec/ovs-monitor-ipsec.in @@ -424,8 +424,8 @@ conn prevent_unencrypted_vxlan right=$remote_ip leftid=@$local_name rightid=@$remote_name - leftcert="$local_name" - rightcert="$remote_name" + leftcert="ovs_certkey_$local_name" + rightcert="ovs_cert_$remote_name" leftrsasigkey=%cert"""), "pki_ca": Template("""\ left=$local_ip @@ -687,7 +687,7 @@ conn prevent_unencrypted_vxlan if proc.returncode: raise Exception(proc.stderr.read()) except Exception as e: - vlog.err("Failed to import ceretificate into NSS.\n" + str(e)) + vlog.err("Failed to import certificate into NSS.\n" + str(e)) def _nss_delete_cert(self, name): try: @@ -699,7 +699,7 @@ conn prevent_unencrypted_vxlan if proc.returncode: raise Exception(proc.stderr.read()) except Exception as e: - vlog.err("Failed to delete ceretificate from NSS.\n" + str(e)) + vlog.err("Failed to delete certificate from NSS.\n" + str(e)) def _nss_import_cert_and_key(self, cert, key, name): try: |