TLS/SNI Listener creation fails when using intermediate certificates
Because the intermediate certificates are misplaced (they are not expected to be at the top of the pem file), there is an issue in haproxy config file generation and hence the listener creation fails. This patch fixes the ordering issue. Change-Id: I1e7c3c1579d410ded77962e03b1ac8778b0e5d72 Closes-Bug: 1567031
parent
aea742048a
commit
d63f3ce629
|
@ -172,11 +172,9 @@ def build_pem(tls_container):
|
|||
:param tls_container: Object container TLS certificates
|
||||
:returns: Pem encoded certificate file
|
||||
"""
|
||||
pem = []
|
||||
pem = [tls_container.certificate, tls_container.private_key]
|
||||
if tls_container.intermediates:
|
||||
pem = tls_container.intermediates[:]
|
||||
pem.extend([tls_container.certificate, tls_container.private_key])
|
||||
|
||||
pem.extend(tls_container.intermediates[:])
|
||||
return '\n'.join(pem)
|
||||
|
||||
|
||||
|
|
|
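Review bot: The ordering this fix depends on is not recorded in `build_pem`: the docstring only says it returns a PEM-encoded file, while the commit message is what states that intermediates must not be at the top. The +/- markers are lost on this page, so I am reading the new side as `pem = [tls_container.certificate, tls_container.private_key]` followed by `pem.extend(tls_container.intermediates[:])`. A comment above the first of those lines, such as `# Order matters: server certificate and key first, intermediates after (bug 1567031).`, would stop a later refactor from silently reverting the order. The `[:]` copy is also redundant, since `extend` does not retain the source list, so `pem.extend(tls_container.intermediates)` is enough. The function signature and the start of its docstring are outside the hunk.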
@ -79,12 +79,12 @@ class TestHaproxyAmphoraLoadBalancerDriverTest(base.TestCase):
|
|||
self.driver.client.get_cert_md5sum.assert_called_with(
|
||||
self.amp, self.sl.id, 'aFakeCN.pem')
|
||||
# this is called three times (last MD5 matches)
|
||||
fp1 = ('--imainter1--\n\n--imainter1too--\n'
|
||||
'\n--imapem1--\n\n--imakey1--\n')
|
||||
fp2 = ('--imainter2--\n\n--imainter2too--\n'
|
||||
'\n--imapem2--\n\n--imakey2--\n')
|
||||
fp3 = ('--imainter3--\n\n--imainter3too--\n'
|
||||
'\n--imapem3--\n\n--imakey3--\n')
|
||||
fp1 = ('--imapem1--\n\n--imakey1--\n'
|
||||
'\n--imainter1--\n\n--imainter1too--\n')
|
||||
fp2 = ('--imapem2--\n\n--imakey2--\n'
|
||||
'\n--imainter2--\n\n--imainter2too--\n')
|
||||
fp3 = ('--imapem3--\n\n--imakey3--\n'
|
||||
'\n--imainter3--\n\n--imainter3too--\n')
|
||||
ucp_calls = [
|
||||
mock.call(self.amp, self.sl.id, 'aFakeCN.pem', fp1),
|
||||
mock.call(self.amp, self.sl.id, 'aFakeCN.pem', fp2),
|
||||
|
|
|
@ -305,7 +305,7 @@ class TestTLSParseUtils(base.TestCase):
|
|||
cert_mock).intermediates)
|
||||
|
||||
def test_build_pem(self):
|
||||
expected = 'imainter\nimainter2\nimacert\nimakey'
|
||||
expected = 'imacert\nimakey\nimainter\nimainter2'
|
||||
tls_tupe = sample_configs.sample_tls_container_tuple(
|
||||
certificate='imacert', private_key='imakey',
|
||||
intermediates=['imainter', 'imainter2'])
|
||||
|
|
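Review bot: `test_build_pem` only pins the ordering for a container that has intermediates, so the path where `if tls_container.intermediates:` is false is not exercised in the visible lines. A second case built with `intermediates=None` and `expected = 'imacert\nimakey'` would confirm that a certificate without a chain still yields certificate then key, with no trailing separator. Whether `sample_tls_container_tuple` accepts `None` for that argument cannot be seen from here, and the rest of the test body and class lie outside the hunk, so such a case may already exist elsewhere. The local name `tls_tupe` looks like a typo for `tls_tuple`.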