[libvirt] [PATCH 2/4] Avoid re-generating certs every time
Michal Privoznik
mprivozn at redhat.com
Wed Aug 7 10:44:48 UTC 2013
On 06.08.2013 13:35, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> Currently every test case in the TLS test suite generates the
> certs fresh. This is a waste of time, since its parameters
> don't change across test cases. Create certs once in main
> method.
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> tests/virnettlscontexttest.c | 670 +++++++++++++++++++++++--------------------
> tests/virnettlshelpers.c | 9 +-
> tests/virnettlshelpers.h | 4 +-
> tests/virnettlssessiontest.c | 152 +++++-----
> 4 files changed, 445 insertions(+), 390 deletions(-)
>
> diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
> index 0a0d31a..a02e724 100644
> --- a/tests/virnettlscontexttest.c
> +++ b/tests/virnettlscontexttest.c
> @@ -124,38 +118,54 @@ mymain(void)
> data.careq = _caReq; \
> data.certreq = _certReq; \
> data.expectFail = _expectFail; \
> - if (virtTestRun("TLS Context", 1, testTLSContextInit, &data) < 0) \
> + if (virtTestRun("TLS Context " #_caReq " + " #_certReq, 1, \
> + testTLSContextInit, &data) < 0) \
> ret = -1; \
> } while (0)
>
> +# define TLS_CERT_REQ(varname, cavarname, \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
> + static struct testTLSCertReq varname = { \
> + NULL, #varname ".pem", \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo \
> + }; \
> + testTLSGenerateCert(&varname, cavarname.crt)
> +
Trailing whitespace
> +# define TLS_ROOT_REQ(varname, \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
> + static struct testTLSCertReq varname = { \
> + NULL, #varname ".pem", \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo \
> + }; \
> + testTLSGenerateCert(&varname, NULL)
> +
> +
> diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
> index 9c5b3ca..6c71ac9 100644
> --- a/tests/virnettlssessiontest.c
> +++ b/tests/virnettlssessiontest.c
> @@ -292,68 +273,87 @@ mymain(void)
> data.expectClientFail = _expectClientFail; \
> data.hostname = _hostname; \
> data.wildcards = _wildcards; \
> - if (virtTestRun("TLS Session", 1, testTLSSessionInit, &data) < 0) \
> + if (virtTestRun("TLS Session " #_serverReq " + " #_clientReq, \
> + 1, testTLSSessionInit, &data) < 0) \
> ret = -1; \
> } while (0)
>
> +# define TLS_CERT_REQ(varname, cavarname, \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
> + static struct testTLSCertReq varname = { \
> + NULL, #varname ".pem", \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so \
> + }; \
> + testTLSGenerateCert(&varname, cavarname.crt)
> +
Trailing whitespace
> +# define TLS_ROOT_REQ(varname, \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, eo) \
> + static struct testTLSCertReq varname = { \
> + NULL, #varname ".pem", \
> + co, cn, an1, an2, ia1, ia2, bce, bcc, bci, \
> + kue, kuc, kuv, kpe, kpc, kpo1, kpo2, so, so \
> + }; \
> + testTLSGenerateCert(&varname, NULL)
> +
> /* A perfect CA, perfect client & perfect server */
>
> /* Basic:CA:critical */
> - static struct testTLSCertReq cacertreq = {
> - NULL, NULL, "cacert.pem", "UK",
> - "libvirt CA", NULL, NULL, NULL, NULL,
> - true, true, true,
> - true, true, GNUTLS_KEY_KEY_CERT_SIGN,
> - false, false, NULL, NULL,
> - 0, 0,
> - };
> - static struct testTLSCertReq cacert1req = {
> - NULL, NULL, "cacert1.pem", "UK",
> - "libvirt CA 1", NULL, NULL, NULL, NULL,
> - true, true, true,
> - false, false, 0,
> - false, false, NULL, NULL,
> - 0, 0,
> - };
> - static struct testTLSCertReq servercertreq = {
> - NULL, NULL, "servercert.pem", "UK",
> - "libvirt.org", NULL, NULL, NULL, NULL,
> - true, true, false,
> - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
> - true, true, GNUTLS_KP_TLS_WWW_SERVER, NULL,
> - 0, 0,
> - };
> - static struct testTLSCertReq clientcertreq = {
> - NULL, NULL, "clientcert.pem", "UK",
> - "libvirt", NULL, NULL, NULL, NULL,
> - true, true, false,
> - true, true, GNUTLS_KEY_DIGITAL_SIGNATURE | GNUTLS_KEY_KEY_ENCIPHERMENT,
> - true, true, GNUTLS_KP_TLS_WWW_CLIENT, NULL,
> - 0, 0,
> - };
> + TLS_ROOT_REQ(cacertreq,
Trailing whitespace
> + "UK", "libvirt CA", NULL, NULL, NULL, NULL,
> + true, true, true,
> + true, true, GNUTLS_KEY_KEY_CERT_SIGN,
> + false, false, NULL, NULL,
> + 0, 0);
Michal
More information about the libvir-list
mailing list