Repository: mesos Updated Branches: refs/heads/master de13d78b7 -> a16be70ef
MESOS-3005: Fix SSL test hostname dependency. We generate the certificate using the hostname associated with INADDR_LOOPBACK and explicitly bind the test server on INADDR_LOOPBACK. This way there is no inconsistency with the hostname of the certificate versus the test. Review: https://reviews.apache.org/r/36275 Project: http://git-wip-us.apache.org/repos/asf/mesos/repo Commit: http://git-wip-us.apache.org/repos/asf/mesos/commit/a16be70e Tree: http://git-wip-us.apache.org/repos/asf/mesos/tree/a16be70e Diff: http://git-wip-us.apache.org/repos/asf/mesos/diff/a16be70e Branch: refs/heads/master Commit: a16be70efd36a910481112434e1c9184aa3e3014 Parents: de13d78 Author: Joris Van Remoortere <[email protected]> Authored: Tue Jul 7 15:05:47 2015 -0700 Committer: Benjamin Hindman <[email protected]> Committed: Tue Jul 7 15:08:50 2015 -0700 ---------------------------------------------------------------------- 3rdparty/libprocess/src/tests/ssl_tests.cpp | 29 +++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/mesos/blob/a16be70e/3rdparty/libprocess/src/tests/ssl_tests.cpp ---------------------------------------------------------------------- diff --git a/3rdparty/libprocess/src/tests/ssl_tests.cpp b/3rdparty/libprocess/src/tests/ssl_tests.cpp index 869ed65..97a3f2a 100644 --- a/3rdparty/libprocess/src/tests/ssl_tests.cpp +++ b/3rdparty/libprocess/src/tests/ssl_tests.cpp @@ -173,8 +173,24 @@ protected: ABORT("Could not generate private key: " + private_key.error()); } + // Figure out the hostname that 'INADDR_LOOPBACK' will bind to. + // Set the hostname of the certificate to this hostname so that + // hostname verification of the certificate will pass. + Try<string> hostname = net::getHostname(net::IP(INADDR_LOOPBACK)); + if (hostname.isError()) { + cleanup(); + ABORT("Could not determine hostname of 'INADDR_LOOPBACK': " + + hostname.error()); + } + // Generate an authorized certificate. - certificate = openssl::generate_x509(private_key.get(), private_key.get()); + certificate = openssl::generate_x509( + private_key.get(), + private_key.get(), + None(), + 1, + 365, + hostname.get()); if (certificate.isError()) { cleanup(); @@ -293,6 +309,13 @@ protected: Socket server = create.get(); + // We need to explicitly bind to INADDR_LOOPBACK so the + // certificate we create in this test fixture can be verified. + Try<Address> bind = server.bind(Address(net::IP(INADDR_LOOPBACK), 0)); + if (bind.isError()) { + return Error(bind.error()); + } + const Try<Nothing> listen = server.listen(BACKLOG); if (listen.isError()) { return Error(listen.error()); @@ -385,6 +408,10 @@ TEST_F(SSLTest, BasicSameProcess) Socket server = server_create.get(); Socket client = client_create.get(); + // We need to explicitly bind to INADDR_LOOPBACK so the certificate + // we create in this test fixture can be verified. + ASSERT_SOME(server.bind(Address(net::IP(INADDR_LOOPBACK), 0))); + const Try<Nothing> listen = server.listen(BACKLOG); ASSERT_SOME(listen);
