Thanks for the reply, Iwamoto-san. When I start ryu-manager, I provide the private key, certificate file and certificate authority for the switch(es):

PWD=`pwd` ryu-manager --ctl-privkey $PWD/pki/ctl-privkey.pem --ctl-cert $PWD/pki/ctl-cert.pem --ca-certs $PWD/pki/sc-cacert.pem --verbose

I have a print statement in the StreamServer class of ryu/lib/hub.py, to print the ssl_args as retrieved in the wrap_and_handle def. When the first switch connects, ssl_args contains:

SSL_ARGS {'keyfile': '/home/sdn/pki/ctl-privkey.pem', 'certfile': '/home/sdn/pki/ctl-cert.pem', 'cert_reqs': <VerifyMode.CERT_REQUIRED: 2>, 'ca_certs': '/home/sdn/pki/sc-cacert.pem', 'ssl_ctx': <eventlet.green.ssl.GreenSSLContext object at 0x7f55642920a8>, 'server_side': True}

(all PKI information is appropriately retrieved)

However, any other switch that attempts to connect after that first switch only has the following in ssl_args:

SSL_ARGS {'server_side': True}

R/Will

________________________________
From: IWAMOTO Toshihiro <iwam...@valinux.co.jp>
Sent: Friday, November 15, 2019 12:12 AM
To: William Stout <wst...@unm.edu>
Cc: ryu-devel@lists.sourceforge.net <ryu-devel@lists.sourceforge.net>
Subject: Re: [Ryu-devel] TLS fails, **ssl_args empty

On Fri, 15 Nov 2019 00:53:35 +0900, William Stout wrote:
> Tried on Ubuntu 18.04/16.04, Python 3.6/2.7 with Ryu 4.34
> Set up TLS according to the latest Ryu readthedocs, using five ovs bridges.
> Tested PKI with ovs-testcontroller, everything works.
> When using Ryu with same PKI, only the first switch connects, all others fail
> citing "no certfile for server side."
>
> I added some print statements to hub.py and controller.py (FUNC, ARGS,
> KWARGS, etc..); I've boldfaced the ssl_args for the <first switch> and
> <second switch> attempted connections.
> <second switch>
>
> FUNC <function StreamServer.__init__.<locals>.wrap_and_handle at 0x7f5ea6053730>
> ARGS (<eventlet.greenio.base.GreenSocket object at 0x7f5ea60b1eb8>, ('172.16.0.4', 36972))
> KWARGS {}
> SSL_ARGS {'server_side': True}
> hub: uncaught exception: Traceback (most recent call last):
>   File "/home/wmstout/.local/lib/python3.6/site-packages/ryu/lib/hub.py", line 63, in _launch
>     return func(*args, **kwargs)
>   File "/home/wmstout/.local/lib/python3.6/site-packages/ryu/lib/hub.py", line 146, in wrap_and_handle
>     handle(ssl.wrap_socket(sock, **ssl_args), addr)
>   File "/home/wmstout/.local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 415, in wrap_socket
>     return GreenSSLSocket(sock, *a, **kw)
>   File "/home/wmstout/.local/lib/python3.6/site-packages/eventlet/green/ssl.py", line 106, in __init__
>     ca_certs, do_handshake_on_connect and six.PY2, *args, **kw)
>   File "/usr/lib/python3.6/ssl.py", line 739, in __init__
>     raise ValueError("certfile must be specified for server-side "
> ValueError: certfile must be specified for server-side operations

As written in the error message, you need to supply a certfile.

--
IWAMOTO Toshihiro
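
The symptom reported in this thread (full ssl_args on the first connection, only server_side afterwards) is what results when a per-connection closure pops entries out of a keyword dict that it shares across connections. The example below is added here and is not code from the thread, Ryu or eventlet; it assumes that pattern is the cause, reproduces it with hypothetical stand-ins (FakeContext, fake_wrap_socket, make_handler_mutating, make_handler_once), and shows a variant that configures the context once.

```python
# Added illustration; stand-in names, not Ryu or eventlet code.

class FakeContext:
    """Stand-in for an SSL context: records what was loaded into it."""
    def __init__(self):
        self.loaded = {}

    def wrap_socket(self, sock, **kw):
        return ("tls", sock, dict(self.loaded))


def fake_wrap_socket(sock, certfile=None, server_side=False, **kw):
    # Mirrors the stdlib check quoted in the traceback above.
    if server_side and not certfile:
        raise ValueError("certfile must be specified for server-side operations")
    return ("tls", sock, {"certfile": certfile})


def make_handler_mutating(**ssl_args):
    """Per-connection closure that pops from the shared dict (assumed pattern)."""
    def wrap_and_handle(sock):
        ssl_args.setdefault("server_side", True)
        if "ssl_ctx" in ssl_args:
            ctx = ssl_args.pop("ssl_ctx")      # gone for every later connection
            for key in ("certfile", "keyfile", "ca_certs"):
                ctx.loaded[key] = ssl_args.pop(key)
            return ctx.wrap_socket(sock, **ssl_args)
        return fake_wrap_socket(sock, **ssl_args)  # 2nd call lands here, no certfile
    return wrap_and_handle


def make_handler_once(**ssl_args):
    """Configure the context once at construction; the closure only reads."""
    args = dict(ssl_args)                      # private copy of the settings
    args.setdefault("server_side", True)
    ctx = args.pop("ssl_ctx")
    for key in ("certfile", "keyfile", "ca_certs"):
        ctx.loaded[key] = args.pop(key)

    def wrap_and_handle(sock):
        return ctx.wrap_socket(sock, **args)
    return wrap_and_handle


def sample_args():
    # Constructed values; the file names are placeholders.
    return {"ssl_ctx": FakeContext(), "certfile": "ctl-cert.pem",
            "keyfile": "ctl-privkey.pem", "ca_certs": "sc-cacert.pem"}
```

The mutating handler fails closed on the second connection rather than accepting it without TLS, which is why the other four bridges are rejected instead of connecting unauthenticated.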