diff options
| author | Emmanuel Dreyfus <manu@netbsd.org> | 2014-09-26 02:13:57 +0200 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2014-09-26 05:24:20 -0700 |
| commit | 61353a428903047d800b572637ab1df6f2b04a42 (patch) | |
| tree | 9ca81e58453a1b9e70dc90d904c445defa5d0ef9 | |
| parent | e78ad0c426c31264651b13d6138b70fa53c4af86 (diff) | |
Use sane OS-dependent defaults for SSL configuration
Current code assumes /etc/ssl exists, which may not be the case.
Attempt to guess sane default for a few OS.
Backport of I0f3168f79b8f4275636581041740dfcaf25f3edd
BUG: 1138897
Change-Id: I972c26236cbf070f15c3846add059bd33d60216d
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8861
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
| -rw-r--r-- | rpc/rpc-transport/socket/src/socket.c | 20 | ||||
| -rwxr-xr-x | tests/features/ssl-authz.t | 10 |
2 files changed, 25 insertions, 5 deletions
diff --git a/rpc/rpc-transport/socket/src/socket.c b/rpc/rpc-transport/socket/src/socket.c index e1c542530a9..b9554cc0ed4 100644 --- a/rpc/rpc-transport/socket/src/socket.c +++ b/rpc/rpc-transport/socket/src/socket.c @@ -46,14 +46,28 @@ #define OWN_THREAD_OPT "transport.socket.own-thread" /* TBD: do automake substitutions etc. (ick) to set these. */ +#if !defined(DEFAULT_ETC_SSL) +# ifdef GF_LINUX_HOST_OS +# define DEFAULT_ETC_SSL "/etc/ssl" +# endif +# ifdef GF_BSD_HOST_OS +# define DEFAULT_ETC_SSL "/etc/openssl" +# endif +# ifdef GF_DARWIN_HOST_OS +# define DEFAULT_ETC_SSL "/opt/local/etc/openssl" +# endif +# if !defined(DEFAULT_ETC_SSL) +# define DEFAULT_ETC_SSL "/etc/ssl" +# endif +#endif #if !defined(DEFAULT_CERT_PATH) -#define DEFAULT_CERT_PATH "/etc/ssl/glusterfs.pem" +#define DEFAULT_CERT_PATH DEFAULT_ETC_SSL "/glusterfs.pem" #endif #if !defined(DEFAULT_KEY_PATH) -#define DEFAULT_KEY_PATH "/etc/ssl/glusterfs.key" +#define DEFAULT_KEY_PATH DEFAULT_ETC_SSL "/glusterfs.key" #endif #if !defined(DEFAULT_CA_PATH) -#define DEFAULT_CA_PATH "/etc/ssl/glusterfs.ca" +#define DEFAULT_CA_PATH DEFAULT_ETC_SSL "/glusterfs.ca" #endif #define POLL_MASK_INPUT (POLLIN | POLLPRI) diff --git a/tests/features/ssl-authz.t b/tests/features/ssl-authz.t index f6c56bcaa53..e4ea268b53b 100755 --- a/tests/features/ssl-authz.t +++ b/tests/features/ssl-authz.t @@ -1,12 +1,18 @@ #!/bin/bash . $(dirname $0)/../include.rc +. $(dirname $0)/../volume.rc ping_file () { echo hello > $1 2> /dev/null } -SSL_BASE=/etc/ssl +for d in /etc/ssl /etc/openssl /opt/local/etc/openssl ; do + if test -d $d ; then + SSL_BASE=$d + break + fi +done SSL_KEY=$SSL_BASE/glusterfs.key SSL_CERT=$SSL_BASE/glusterfs.pem SSL_CA=$SSL_BASE/glusterfs.ca @@ -33,7 +39,7 @@ TEST $CLI volume start $V0 # This mount should WORK. TEST glusterfs --volfile-server=$H0 --volfile-id=$V0 $M0 TEST ping_file $M0/before -TEST umount $M0 +EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0 # Change the authorized user name. Note that servers don't pick up changes # automagically like clients do, so we have to stop/start ourselves. |