[libvirt] [PATCH 0/4] Fix handling of CA certificate chains
Eric Blake
eblake at redhat.com
Thu Aug 8 20:52:52 UTC 2013
On 08/06/2013 05:35 AM, Daniel P. Berrange wrote:
> This series fixes the CA certificate validation so that it
> correctly works when a client and server cert are both signed
> by intermediate CAs, sharing a common ancestor CA.
After the application of this series, I'm starting to see sporadic test
failures; when I run 'make -j3 check' the test sometimes fails like
this; but when I then do 'cd tests; ./virnettlssessiontest', it passes.
I suspect you have a race where parallel tests are now trying to access
the same file, and whoever loses the test fails; whereas a serial run
passes every time.
11) TLS Session servercertreq.filename + clientcertreq.filename ... OK
12) TLS Session servercertreq.filename + clientcertreq.filename
... libvirt: XML-RPC error : authentication failed: Failed to verify
peer's certificate
OK
13) TLS Session servercertreq.filename + clientcertreq.filename ... OK
14) TLS Session servercertreq.filename + clientcertreq.filename
... libvirt: XML-RPC error : authentication failed: Failed to verify
peer's certificate
FAILED
15) TLS Session servercertlevel3areq.filename +
clientcertlevel2breq.filename ... libvirt: XML-RPC error : Cannot read
private key '/home/eblake/libvirt/tests/virnettlscontexttest-key.pem':
No such file or directory
FAILED
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130808/b6a5b97e/attachment-0001.sig>
More information about the libvir-list
mailing list