diff options
| author | Emmanuel Dreyfus <manu@netbsd.org> | 2014-09-23 07:46:16 +0200 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2014-09-26 03:32:42 -0700 |
| commit | 3d36edb00c2adad9a957a445aafac3e800964bb1 (patch) | |
| tree | 4530c0d26e06f02ab44ca982f62684c4097a7699 | |
| parent | 8e57090f7da4027c46176c9786372a00e22df69d (diff) | |
Use sane OS-dependent defaults for SSL configuration
Current code assumes /etc/ssl exists, which may not be the case.
Attempt to guess sane default for a few OS.
BUG: 1129939
Change-Id: I0f3168f79b8f4275636581041740dfcaf25f3edd
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8790
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
| -rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 20 | ||||
| -rwxr-xr-x | tests/features/ssl-authz.t | 11 |
2 files changed, 25 insertions, 6 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index c1ad8ec9278..c7cc37bf950 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -46,14 +46,28 @@ #define OWN_THREAD_OPT "transport.socket.own-thread" /* TBD: do automake substitutions etc. (ick) to set these. */ +#if !defined(DEFAULT_ETC_SSL) +# ifdef GF_LINUX_HOST_OS +# define DEFAULT_ETC_SSL "/etc/ssl" +# endif +# ifdef GF_BSD_HOST_OS +# define DEFAULT_ETC_SSL "/etc/openssl" +# endif +# ifdef GF_DARWIN_HOST_OS +# define DEFAULT_ETC_SSL "/opt/local/etc/openssl" +# endif +# if !defined(DEFAULT_ETC_SSL) +# define DEFAULT_ETC_SSL "/etc/ssl" +# endif +#endif #if !defined(DEFAULT_CERT_PATH) -#define DEFAULT_CERT_PATH "/etc/ssl/glusterfs.pem" +#define DEFAULT_CERT_PATH DEFAULT_ETC_SSL "/glusterfs.pem" #endif #if !defined(DEFAULT_KEY_PATH) -#define DEFAULT_KEY_PATH "/etc/ssl/glusterfs.key" +#define DEFAULT_KEY_PATH DEFAULT_ETC_SSL "/glusterfs.key" #endif #if !defined(DEFAULT_CA_PATH) -#define DEFAULT_CA_PATH "/etc/ssl/glusterfs.ca" +#define DEFAULT_CA_PATH DEFAULT_ETC_SSL "/glusterfs.ca" #endif #define POLL_MASK_INPUT (POLLIN | POLLPRI) diff --git a/tests/features/ssl-authz.t b/tests/features/ssl-authz.t index 313d67c3eda..4aabb1d14ec 100755 --- a/tests/features/ssl-authz.t +++ b/tests/features/ssl-authz.t @@ -1,12 +1,17 @@ #!/bin/bash . $(dirname $0)/../include.rc +. $(dirname $0)/../volume.rc ping_file () { echo hello > $1 2> /dev/null } - -SSL_BASE=/etc/ssl +for d in /etc/ssl /etc/openssl /opt/local/etc/openssl ; do + if test -d $d ; then + SSL_BASE=$d + break + fi +done SSL_KEY=$SSL_BASE/glusterfs.key SSL_CERT=$SSL_BASE/glusterfs.pem SSL_CA=$SSL_BASE/glusterfs.ca @@ -33,7 +38,7 @@ TEST $CLI volume start $V0 # This mount should WORK. TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0 TEST ping_file $M0/before -TEST umount $M0 +EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0 # Change the authorized user name. Note that servers don't pick up changes # automagically like clients do, so we have to stop/start ourselves. |