diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/features/ssl-ciphers.t | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/tests/features/ssl-ciphers.t b/tests/features/ssl-ciphers.t index 563d37c5277..7e1e1996ac6 100644 --- a/tests/features/ssl-ciphers.t +++ b/tests/features/ssl-ciphers.t @@ -175,8 +175,6 @@ BRICK_PORT=`brick_port $V0` EXPECT "Y" openssl_connect -cipher EECDH -connect $H0:$BRICK_PORT # test revocation -# no need to restart the volume since the options are used -# by the client here. TEST $CLI volume set $V0 ssl.crl-path $TMPDIR EXPECT $TMPDIR volume_option $V0 ssl.crl-path $GFS --volfile-id=$V0 --volfile-server=$H0 $M0 @@ -189,14 +187,25 @@ TEST openssl ca -batch -config $SSL_CFG -revoke $SSL_CERT 2>&1 TEST openssl ca -config $SSL_CFG -gencrl -out $SSL_CRL 2>&1 # Failed once revoked +# Although client fails to mount without restarting the server after crl-path +# is set when no actual crl file is found on the client, it would also fail +# when server is restarted for the same reason. Since the socket initialization +# code is the same for client and server, the crl verification flags need to +# be turned off for the client to avoid SSL searching for CRLs in the +# ssl.crl-path. If no CRL files are found in the ssl.crl-path, SSL fails the +# connect() attempt on the client. +TEST $CLI volume stop $V0 +TEST $CLI volume start $V0 $GFS --volfile-id=$V0 --volfile-server=$H0 $M0 EXPECT "N" wait_mount $M0 TEST ! test -f $TEST_FILE EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" force_umount $M0 # Succeed with CRL disabled +TEST $CLI volume stop $V0 TEST $CLI volume set $V0 ssl.crl-path NULL EXPECT NULL volume_option $V0 ssl.crl-path +TEST $CLI volume start $V0 $GFS --volfile-id=$V0 --volfile-server=$H0 $M0 EXPECT "Y" wait_mount $M0 TEST test -f $TEST_FILE |