[ovs-dev] [PATCH 9/9] ovs-vswitchd: Add ability to bootstrap SSL.

Ben Pfaff blp at nicira.com
Mon Dec 21 21:15:49 UTC 2009


---
 vswitchd/ovs-vswitchd.8.in |    7 +++----
 vswitchd/ovs-vswitchd.c    |    8 +++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
index 5a016cd..958265b 100644
--- a/vswitchd/ovs-vswitchd.8.in
+++ b/vswitchd/ovs-vswitchd.8.in
@@ -21,10 +21,7 @@ on the local machine.
 The mandatory \fIdatabase\fR argument specifies the
 \fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration
 should be retrieved.  It takes one of the following forms:
-.IP "\fBtcp:\fIip\fB:\fIport\fR"
-Connect to the given TCP \fIport\fR on \fIip\fR.
-.IP "\fBunix:\fIfile\fR"
-Connect to the Unix domain server socket named \fIfile\fR.
+.so ovsdb/remote-active.man
 .PP
 \fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at
 startup.  It sets up Open vSwitch datapaths and then operates
@@ -82,6 +79,8 @@ actually in use.  It requires the \fBbrcompat_mod.ko\fR kernel module
 to be loaded.
 .
 .so lib/daemon.man
+.so lib/ssl.man
+.so lib/ssl-bootstrap.man
 .so lib/vlog.man
 .so lib/common.man
 .so lib/leak-checker.man
diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
index 1d1fa29..6b7ad4e 100644
--- a/vswitchd/ovs-vswitchd.c
+++ b/vswitchd/ovs-vswitchd.c
@@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
         OPT_PEER_CA_CERT = UCHAR_MAX + 1,
         OPT_FAKE_PROC_NET,
         VLOG_OPTION_ENUMS,
-        LEAK_CHECKER_OPTION_ENUMS
+        LEAK_CHECKER_OPTION_ENUMS,
+        OPT_BOOTSTRAP_CA_CERT
     };
     static struct option long_options[] = {
         {"help",        no_argument, 0, 'h'},
@@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
 #ifdef HAVE_OPENSSL
         STREAM_SSL_LONG_OPTIONS
         {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
+        {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
 #endif
         {0, 0, 0, 0},
     };
@@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
         case OPT_PEER_CA_CERT:
             stream_ssl_set_peer_ca_cert_file(optarg);
             break;
+
+        case OPT_BOOTSTRAP_CA_CERT:
+            stream_ssl_set_ca_cert_file(optarg, true);
+            break;
 #endif
 
         case '?':
-- 
1.6.3.3





More information about the dev mailing list