[ovs-dev] [ssl 3/3] Fix SSL boilerplate descriptions in manpages.

Ben Pfaff blp at nicira.com
Thu Aug 19 16:47:26 UTC 2010


Thank you, I pushed it out.

On Tue, Aug 17, 2010 at 10:20:38AM -0700, Justin Pettit wrote:
> This series looks good to me.
> 
> --Justin
> 
> 
> On Aug 17, 2010, at 9:22 AM, Ben Pfaff wrote:
> 
> > Some of the SSL boilerplate was specific to switches, but it was included
> > in OVSDB programs also.  Make it more generic.  Also document SSL options
> > in some manpages where they were missing.
> > ---
> > lib/ssl-bootstrap.man        |    2 +-
> > lib/ssl-peer-ca-cert.man     |   13 +++++++------
> > lib/ssl-syn.man              |    2 +-
> > ovsdb/ovsdb-client.1.in      |    3 +++
> > ovsdb/ovsdb-server.1.in      |    2 ++
> > utilities/ovs-openflowd.8.in |    3 +++
> > utilities/ovs-vsctl.8.in     |    5 +++++
> > vswitchd/ovs-vswitchd.8.in   |    3 +++
> > 8 files changed, 25 insertions(+), 8 deletions(-)
> > 
> > diff --git a/lib/ssl-bootstrap.man b/lib/ssl-bootstrap.man
> > index 7fe4a1f..37ed791 100644
> > --- a/lib/ssl-bootstrap.man
> > +++ b/lib/ssl-bootstrap.man
> > @@ -15,7 +15,7 @@ for bootstrapping.
> > This option is only useful if the SSL peer sends its CA certificate as
> > part of the SSL certificate chain.  The SSL protocol does not require
> > the server to send the CA certificate, but
> > -\fBovs\-controller\fR(8) can be configured to do so with the
> > +\fB\*(SN\fR(8) can be configured to do so with the
> > \fB\-\-peer\-ca\-cert\fR option.
> > .IP
> > This option is mutually exclusive with \fB\-C\fR and
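
Review bot: The section number after the substituted name is still hard-coded in `\fB\*(SN\fR(8)`, but this series sets SN to ovsdb\-server in ovsdb-client.1.in and ovs-vsctl.8.in, and ovsdb-client's own NAME line refers to that program as `\fBovsdb-server\fR(1)`. Pages that define SN as ovsdb\-server will therefore render a cross-reference to ovsdb-server(8). Consider carrying the section number in the string itself, or in a second string defined next to SN, so the reference is correct for both peers. Any page that includes this file without a `.ds SN` line will also render an empty name here, so each includer is worth checking.
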
> > diff --git a/lib/ssl-peer-ca-cert.man b/lib/ssl-peer-ca-cert.man
> > index cfdd915..5450b9e 100644
> > --- a/lib/ssl-peer-ca-cert.man
> > +++ b/lib/ssl-peer-ca-cert.man
> > @@ -1,12 +1,13 @@
> > .IP "\fB\-\-peer\-ca\-cert=\fIpeer-cacert.pem\fR"
> > Specifies a PEM file that contains one or more additional certificates
> > to send to SSL peers.  \fIpeer-cacert.pem\fR should be the CA
> > -certificate used to sign the \fB\*(PN\fR own certificate (the
> > -certificate specified on \fB\-c\fR or \fB\-\-certificate\fR).
> > +certificate used to sign \fB\*(PN\fR's own certificate, that is, the
> > +certificate specified on \fB\-c\fR or \fB\-\-certificate\fR.  If
> > +\fB\*(PN\fR's certificate is self-signed, then \fB\-\-certificate\fR
> > +and \fB\-\-peer\-ca\-cert\fR should specify the same file.
> > .IP
> > This option is not useful in normal operation, because the SSL peer
> > must already have the CA certificate for the peer to have any
> > -confidence in \fB\*(PN\fR's identity.  However, this option allows a
> > -newly installed switch to obtain the peer CA certificate on first boot
> > -using, e.g., the \fB\-\-bootstrap\-ca\-cert\fR option to
> > -\fBovs\-openflowd\fR(8).
> > +confidence in \fB\*(PN\fR's identity.  However, this offers a way for
> > +a new installation to bootstrap the CA certificate on its first SSL
> > +connection.
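
Review bot: The rewritten closing paragraph no longer names the option that consumes this certificate. "bootstrap the CA certificate on its first SSL connection" does not tell the reader that the peer has to be started with \fB\-\-bootstrap\-ca\-cert\fR for that to happen. Dropping the ovs\-openflowd reference makes sense for a generic file, but I would keep a program-neutral pointer to \-\-bootstrap\-ca\-cert, since lib/ssl-bootstrap.man points back at \-\-peer\-ca\-cert and the two descriptions are read together.
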
> > diff --git a/lib/ssl-syn.man b/lib/ssl-syn.man
> > index 4914841..5834545 100644
> > --- a/lib/ssl-syn.man
> > +++ b/lib/ssl-syn.man
> > @@ -3,4 +3,4 @@
> > .br
> > [\fB\-\-certificate=\fIcert.pem\fR]
> > .br
> > -[\fB\-\-ca\-cert=\fIswitch\-cacert.pem\fR]
> > +[\fB\-\-ca\-cert=\fIcacert.pem\fR]
> > diff --git a/ovsdb/ovsdb-client.1.in b/ovsdb/ovsdb-client.1.in
> > index c7a1fea..8bd1c12 100644
> > --- a/ovsdb/ovsdb-client.1.in
> > +++ b/ovsdb/ovsdb-client.1.in
> > @@ -6,7 +6,10 @@
> > ..
> > .\" -*- nroff -*-
> > .TH ovsdb\-client 1 "November 2009" "Open vSwitch" "Open vSwitch Manual"
> > +.\" This program's name:
> > .ds PN ovsdb\-client
> > +.\" SSL peer program's name:
> > +.ds SN ovsdb\-server
> > .
> > .SH NAME
> > ovsdb\-client \- command-line interface to \fBovsdb-server\fR(1)
> > diff --git a/ovsdb/ovsdb-server.1.in b/ovsdb/ovsdb-server.1.in
> > index 7162733..d7beba7 100644
> > --- a/ovsdb/ovsdb-server.1.in
> > +++ b/ovsdb/ovsdb-server.1.in
> > @@ -15,6 +15,8 @@ ovsdb\-server \- Open vSwitch database server
> > [\fB\-\-run=\fIcommand\fR]
> > .so lib/daemon-syn.man
> > .so lib/vlog-syn.man
> > +.so lib/ssl-syn.man
> > +.so lib/ssl-bootstrap-syn.man
> > .so lib/unixctl-syn.man
> > .so lib/common-syn.man
> > .
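
Review bot: ovsdb-server.1.in gains the SSL synopsis includes but, unlike the other four pages touched in this series, no `.ds SN` definition, and the diffstat shows only these two added lines for the file. If its options section includes lib/ssl-bootstrap.man, `\*(SN` expands to nothing there once the first hunk's change is applied. Either define SN here or confirm that this page does not include ssl-bootstrap.man. In the latter case the new `.so lib/ssl-bootstrap-syn.man` line lists an option in the synopsis that the page does not describe.
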
> > diff --git a/utilities/ovs-openflowd.8.in b/utilities/ovs-openflowd.8.in
> > index 689ff5c..4c10d8d 100644
> > --- a/utilities/ovs-openflowd.8.in
> > +++ b/utilities/ovs-openflowd.8.in
> > @@ -1,5 +1,8 @@
> > .TH ovs\-openflowd 8 "March 2009" "Open vSwitch" "Open vSwitch Manual"
> > +.\" This program's name:
> > .ds PN ovs\-openflowd
> > +.\" SSL peer program's name:
> > +.ds SN ovs\-controller
> > .
> > .SH NAME
> > ovs\-openflowd \- OpenFlow switch implementation
> > diff --git a/utilities/ovs-vsctl.8.in b/utilities/ovs-vsctl.8.in
> > index 4085079..7476777 100644
> > --- a/utilities/ovs-vsctl.8.in
> > +++ b/utilities/ovs-vsctl.8.in
> > @@ -11,7 +11,10 @@
> > .  RE
> > ..
> > .TH ovs\-vsctl 8 "November 2009" "Open vSwitch" "Open vSwitch Manual"
> > +.\" This program's name:
> > .ds PN ovs\-vsctl
> > +.\" SSL peer program's name:
> > +.ds SN ovsdb\-server
> > .
> > .SH NAME
> > ovs\-vsctl \- utility for querying and configuring \fBovs\-vswitchd\fR
> > @@ -123,6 +126,8 @@ not used, \fBovs\-vsctl\fR uses a timeout of five seconds.
> > .
> > .SS "Public Key Infrastructure Options"
> > .so lib/ssl.man
> > +.so lib/ssl-bootstrap.man
> > +.so lib/ssl-peer-ca-cert.man
> > .so lib/vlog.man
> > .
> > .SH COMMANDS
> > diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
> > index f2fc43c..42282c1 100644
> > --- a/vswitchd/ovs-vswitchd.8.in
> > +++ b/vswitchd/ovs-vswitchd.8.in
> > @@ -5,7 +5,10 @@
> > .  IP "\\$1"
> > ..
> > .TH ovs\-vswitchd 8 "June 2009" "Open vSwitch" "Open vSwitch Manual"
> > +.\" This program's name:
> > .ds PN ovs\-vswitchd
> > +.\" SSL peer program's name:
> > +.ds SN ovs\-controller
> > .
> > .SH NAME
> > ovs\-vswitchd \- Open vSwitch daemon
> > -- 
> > 1.7.1
> > 
> > 
> 



