TLS/SNI Listener creation fails when using intermiate certificates

Because the intermediate certificates are misplaced(they are not expected to be at the top of the pem file), there is issue in haproxy config file generation and hence the listener creation fails. This patch fixes the ordering issue. Change-Id: I1e7c3c1579d410ded77962e03b1ac8778b0e5d72 Closes-Bug: 1567031
2016-04-06 11:49:00 -07:00 · 2016-04-06 11:49:00 -07:00 · d63f3ce629
parent aea742048a
commit d63f3ce629
3 changed files with 9 additions and 11 deletions
--- a/octavia/common/tls_utils/cert_parser.py
+++ b/octavia/common/tls_utils/cert_parser.py
@ -172,11 +172,9 @@ def build_pem(tls_container):
        :param tls_container: Object container TLS certificates
        :returns: Pem encoded certificate file
        """
-        pem = []
+        pem = [tls_container.certificate, tls_container.private_key]
        if tls_container.intermediates:
-            pem = tls_container.intermediates[:]
-        pem.extend([tls_container.certificate, tls_container.private_key])
-
+            pem.extend(tls_container.intermediates[:])
        return '\n'.join(pem)


--- a/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver.py
+++ b/octavia/tests/unit/amphorae/drivers/haproxy/test_rest_api_driver.py
@ -79,12 +79,12 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
        self.driver.client.get_cert_md5sum.assert_called_with(
            self.amp, self.sl.id, 'aFakeCN.pem')
        # this is called three times (last MD5 matches)
-        fp1 = ('--imainter1--\n\n--imainter1too--\n'
-               '\n--imapem1--\n\n--imakey1--\n')
-        fp2 = ('--imainter2--\n\n--imainter2too--\n'
-               '\n--imapem2--\n\n--imakey2--\n')
-        fp3 = ('--imainter3--\n\n--imainter3too--\n'
-               '\n--imapem3--\n\n--imakey3--\n')
+        fp1 = ('--imapem1--\n\n--imakey1--\n'
+               '\n--imainter1--\n\n--imainter1too--\n')
+        fp2 = ('--imapem2--\n\n--imakey2--\n'
+               '\n--imainter2--\n\n--imainter2too--\n')
+        fp3 = ('--imapem3--\n\n--imakey3--\n'
+               '\n--imainter3--\n\n--imainter3too--\n')
        ucp_calls = [
            mock.call(self.amp, self.sl.id, 'aFakeCN.pem', fp1),
            mock.call(self.amp, self.sl.id, 'aFakeCN.pem', fp2),
--- a/octavia/tests/unit/common/tls_utils/test_cert_parser.py
+++ b/octavia/tests/unit/common/tls_utils/test_cert_parser.py
@ -305,7 +305,7 @@ class TestTLSParseUtils(base.TestCase):
                    cert_mock).intermediates)

    def test_build_pem(self):
-        expected = 'imainter\nimainter2\nimacert\nimakey'
+        expected = 'imacert\nimakey\nimainter\nimainter2'
        tls_tupe = sample_configs.sample_tls_container_tuple(
            certificate='imacert', private_key='imakey',
            intermediates=['imainter', 'imainter2'])