[ovs-dev] [ssl 3/3] Fix SSL boilerplate descriptions in manpages.

Justin Pettit jpettit at nicira.com
Tue Aug 17 17:20:38 UTC 2010


This series looks good to me.

--Justin


On Aug 17, 2010, at 9:22 AM, Ben Pfaff wrote:

> Some of the SSL boilerplate was specific to switches, but it was included
> in OVSDB programs also.  Make it more generic.  Also document SSL options
> in some manpages where they were missing.
> ---
> lib/ssl-bootstrap.man        |    2 +-
> lib/ssl-peer-ca-cert.man     |   13 +++++++------
> lib/ssl-syn.man              |    2 +-
> ovsdb/ovsdb-client.1.in      |    3 +++
> ovsdb/ovsdb-server.1.in      |    2 ++
> utilities/ovs-openflowd.8.in |    3 +++
> utilities/ovs-vsctl.8.in     |    5 +++++
> vswitchd/ovs-vswitchd.8.in   |    3 +++
> 8 files changed, 25 insertions(+), 8 deletions(-)
> 
> diff --git a/lib/ssl-bootstrap.man b/lib/ssl-bootstrap.man
> index 7fe4a1f..37ed791 100644
> --- a/lib/ssl-bootstrap.man
> +++ b/lib/ssl-bootstrap.man
> @@ -15,7 +15,7 @@ for bootstrapping.
> This option is only useful if the SSL peer sends its CA certificate as
> part of the SSL certificate chain.  The SSL protocol does not require
> the server to send the CA certificate, but
> -\fBovs\-controller\fR(8) can be configured to do so with the
> +\fB\*(SN\fR(8) can be configured to do so with the
> \fB\-\-peer\-ca\-cert\fR option.
> .IP
> This option is mutually exclusive with \fB\-C\fR and
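
Review bot: the section number is still hard-coded as (8) on the changed line, but two of the pages that set SN in this series point it at ovsdb-server, which is a section 1 page (ovsdb/ovsdb-server.1.in), so ovs-vsctl and ovsdb-client would render "ovsdb-server(8)". Consider carrying the section number in a string as well. Any page that sources this fragment without a ".ds SN" will also render an empty name here, so it is worth checking every includer.
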
> diff --git a/lib/ssl-peer-ca-cert.man b/lib/ssl-peer-ca-cert.man
> index cfdd915..5450b9e 100644
> --- a/lib/ssl-peer-ca-cert.man
> +++ b/lib/ssl-peer-ca-cert.man
> @@ -1,12 +1,13 @@
> .IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
> Specifies a PEM file that contains one or more additional certificates
> to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA
> -certificate used to sign the \fB\*(PN\fR own certificate (the
> -certificate specified on \fB\-c\fR or \fB\-\-certificate\fR).
> +certificate used to sign \fB\*(PN\fR's own certificate, that is, the
> +certificate specified on \fB\-c\fR or \fB\-\-certificate\fR.  If
> +\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
> +and \fB\-\-peer\-ca\-cert\fR should specify the same file.
> .IP
> This option is not useful in normal operation, because the SSL peer
> must already have the CA certificate for the peer to have any
> -confidence in \fB\*(PN\fR's identity.  However, this option allows a
> -newly installed switch to obtain the peer CA certificate on first boot
> -using, e.g., the \fB\-\-bootstrap\-ca\-cert\fR option to
> -\fBovs\-openflowd\fR(8).
> +confidence in \fB\*(PN\fR's identity.  However, this offers a way for
> +a new installation to bootstrap the CA certificate on its first SSL
> +connection.
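
Review bot: in the last added sentence, "this offers a way for a new installation to bootstrap" loses both the subject and the cross-reference the old text had. It is the peer, not \*(PN, that does the bootstrapping, and the reader is no longer told that the peer needs --bootstrap-ca-cert for this to work. Suggest "this option" and a generic pointer to the peer's --bootstrap-ca-cert option in place of the removed ovs-openflowd reference.
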
> diff --git a/lib/ssl-syn.man b/lib/ssl-syn.man
> index 4914841..5834545 100644
> --- a/lib/ssl-syn.man
> +++ b/lib/ssl-syn.man
> @@ -3,4 +3,4 @@
> .br
> [\fB\-\-certificate=\fIcert.pem\fR]
> .br
> -[\fB\-\-ca\-cert=\fIswitch\-cacert.pem\fR]
> +[\fB\-\-ca\-cert=\fIcacert.pem\fR]
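
Review bot: the placeholder rename to cacert.pem on the --ca-cert line is made only in the synopsis fragment. lib/ssl.man, which ovs-vsctl.8.in sources under "Public Key Infrastructure Options" and which is not in the diffstat, should use the same placeholder name; otherwise synopsis and description disagree. Worth checking before this goes in.
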
> diff --git a/ovsdb/ovsdb-client.1.in b/ovsdb/ovsdb-client.1.in
> index c7a1fea..8bd1c12 100644
> --- a/ovsdb/ovsdb-client.1.in
> +++ b/ovsdb/ovsdb-client.1.in
> @@ -6,7 +6,10 @@
> ..
> .\" -*- nroff -*-
> .TH ovsdb\-client 1 "November 2009" "Open vSwitch" "Open vSwitch Manual"
> +.\" This program's name:
> .ds PN ovsdb\-client
> +.\" SSL peer program's name:
> +.ds SN ovsdb\-server
> .
> .SH NAME
> ovsdb\-client \- command-line interface to \fBovsdb-server\fR(1)
> diff --git a/ovsdb/ovsdb-server.1.in b/ovsdb/ovsdb-server.1.in
> index 7162733..d7beba7 100644
> --- a/ovsdb/ovsdb-server.1.in
> +++ b/ovsdb/ovsdb-server.1.in
> @@ -15,6 +15,8 @@ ovsdb\-server \- Open vSwitch database server
> [\fB\-\-run=\fIcommand\fR]
> .so lib/daemon-syn.man
> .so lib/vlog-syn.man
> +.so lib/ssl-syn.man
> +.so lib/ssl-bootstrap-syn.man
> .so lib/unixctl-syn.man
> .so lib/common-syn.man
> .
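
Review bot: the two added .so lines only extend the SYNOPSIS, and the diffstat shows no other change to this file, so please confirm the options section already sources the matching descriptions (lib/ssl.man and lib/ssl-bootstrap.man). If it does source lib/ssl-bootstrap.man, this page needs its own ".ds SN" too, since that fragment now expands \*(SN and no definition is added here.
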
> diff --git a/utilities/ovs-openflowd.8.in b/utilities/ovs-openflowd.8.in
> index 689ff5c..4c10d8d 100644
> --- a/utilities/ovs-openflowd.8.in
> +++ b/utilities/ovs-openflowd.8.in
> @@ -1,5 +1,8 @@
> .TH ovs\-openflowd 8 "March 2009" "Open vSwitch" "Open vSwitch Manual"
> +.\" This program's name:
> .ds PN ovs\-openflowd
> +.\" SSL peer program's name:
> +.ds SN ovs\-controller
> .
> .SH NAME
> ovs\-openflowd \- OpenFlow switch implementation
> diff --git a/utilities/ovs-vsctl.8.in b/utilities/ovs-vsctl.8.in
> index 4085079..7476777 100644
> --- a/utilities/ovs-vsctl.8.in
> +++ b/utilities/ovs-vsctl.8.in
> @@ -11,7 +11,10 @@
> .  RE
> ..
> .TH ovs\-vsctl 8 "November 2009" "Open vSwitch" "Open vSwitch Manual"
> +.\" This program's name:
> .ds PN ovs\-vsctl
> +.\" SSL peer program's name:
> +.ds SN ovsdb\-server
> .
> .SH NAME
> ovs\-vsctl \- utility for querying and configuring \fBovs\-vswitchd\fR
> @@ -123,6 +126,8 @@ not used, \fBovs\-vsctl\fR uses a timeout of five seconds.
> .
> .SS "Public Key Infrastructure Options"
> .so lib/ssl.man
> +.so lib/ssl-bootstrap.man
> +.so lib/ssl-peer-ca-cert.man
> .so lib/vlog.man
> .
> .SH COMMANDS
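
Review bot: the two added .so lines bring the bootstrap and --peer-ca-cert descriptions into the options section, but the five insertions the diffstat lists for this file are all accounted for by this hunk and the previous one, so the SYNOPSIS is untouched. If it does not already list these options, source lib/ssl-bootstrap-syn.man there as the ovsdb-server hunk does, so that synopsis and description match.
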
> diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
> index f2fc43c..42282c1 100644
> --- a/vswitchd/ovs-vswitchd.8.in
> +++ b/vswitchd/ovs-vswitchd.8.in
> @@ -5,7 +5,10 @@
> .  IP "\\$1"
> ..
> .TH ovs\-vswitchd 8 "June 2009" "Open vSwitch" "Open vSwitch Manual"
> +.\" This program's name:
> .ds PN ovs\-vswitchd
> +.\" SSL peer program's name:
> +.ds SN ovs\-controller
> .
> .SH NAME
> ovs\-vswitchd \- Open vSwitch daemon
> -- 
> 1.7.1
> 
> 