[ovs-dev] [PATCH 9/9] ovs-vswitchd: Add ability to bootstrap SSL.
Ben Pfaff
blp at nicira.com
Mon Dec 21 21:15:49 UTC 2009
---
vswitchd/ovs-vswitchd.8.in | 7 +++----
vswitchd/ovs-vswitchd.c | 8 +++++++-
2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
index 5a016cd..958265b 100644
--- a/vswitchd/ovs-vswitchd.8.in
+++ b/vswitchd/ovs-vswitchd.8.in
@@ -21,10 +21,7 @@ on the local machine.
The mandatory \fIdatabase\fR argument specifies the
\fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration
should be retrieved. It takes one of the following forms:
-.IP "\fBtcp:\fIip\fB:\fIport\fR"
-Connect to the given TCP \fIport\fR on \fIip\fR.
-.IP "\fBunix:\fIfile\fR"
-Connect to the Unix domain server socket named \fIfile\fR.
+.so ovsdb/remote-active.man
.PP
\fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at
startup. It sets up Open vSwitch datapaths and then operates
@@ -82,6 +79,8 @@ actually in use. It requires the \fBbrcompat_mod.ko\fR kernel module
to be loaded.
.
.so lib/daemon.man
+.so lib/ssl.man
+.so lib/ssl-bootstrap.man
.so lib/vlog.man
.so lib/common.man
.so lib/leak-checker.man
diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
index 1d1fa29..6b7ad4e 100644
--- a/vswitchd/ovs-vswitchd.c
+++ b/vswitchd/ovs-vswitchd.c
@@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
OPT_PEER_CA_CERT = UCHAR_MAX + 1,
OPT_FAKE_PROC_NET,
VLOG_OPTION_ENUMS,
- LEAK_CHECKER_OPTION_ENUMS
+ LEAK_CHECKER_OPTION_ENUMS,
+ OPT_BOOTSTRAP_CA_CERT
};
static struct option long_options[] = {
{"help", no_argument, 0, 'h'},
@@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
#ifdef HAVE_OPENSSL
STREAM_SSL_LONG_OPTIONS
{"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
+ {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
#endif
{0, 0, 0, 0},
};
@@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
case OPT_PEER_CA_CERT:
stream_ssl_set_peer_ca_cert_file(optarg);
break;
+
+ case OPT_BOOTSTRAP_CA_CERT:
+ stream_ssl_set_ca_cert_file(optarg, true);
+ break;
#endif
case '?':
--
1.6.3.3
More information about the dev
mailing list