[ovs-dev] [PATCH] configure: Enable OpenSSL support by default.

Ben Pfaff blp at nicira.com
Fri Aug 20 18:26:07 UTC 2010


Years ago some users had broken OpenSSL libraries that didn't actually
work, so we disabled OpenSSL by default.  By now, I hope that those users
have fixed their systems.
---
 INSTALL.Linux     |    5 +++--
 INSTALL.SSL       |   10 ++++------
 m4/openvswitch.m4 |   18 +++++++++++-------
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/INSTALL.Linux b/INSTALL.Linux
index 3088f8c..3ae67d0 100644
--- a/INSTALL.Linux
+++ b/INSTALL.Linux
@@ -24,8 +24,9 @@ you will need the following software:
     - libssl, from OpenSSL, is optional but recommended if you plan to
       connect the Open vSwitch to an OpenFlow controller.  libssl is
       required to establish confidentiality and authenticity in the
-      connections from an Open vSwitch to an OpenFlow controller.  To
-      enable, configure with --enable-ssl=yes.
+      connections from an Open vSwitch to an OpenFlow controller.  If
+      libssl is installed, then Open vSwitch will automatically build
+      with support for it.
 
 To compile the kernel module, you must also install the following.  If
 you cannot build or install the kernel module, you may use the
diff --git a/INSTALL.SSL b/INSTALL.SSL
index 3b625fb..f322b41 100644
--- a/INSTALL.SSL
+++ b/INSTALL.SSL
@@ -2,15 +2,13 @@
                    ================================
 
 If you plan to configure Open vSwitch to connect across the network to
-an OpenFlow controller, then we recommend that you configure and
-enable SSL support in Open vSwitch.  SSL support ensures integrity and
-confidentiality of the OpenFlow connections, increasing network
-security.
+an OpenFlow controller, then we recommend that you build Open vSwitch
+with OpenSSL.  SSL support ensures integrity and confidentiality of
+the OpenFlow connections, increasing network security.
 
 This file explains how to configure an Open vSwitch to connect to an
 OpenFlow controller over SSL.  Refer to INSTALL.Linux for instructions
-on building Open vSwitch with SSL support.  (In particular, you must
-pass --enable-ssl to the "configure" script to use SSL.)
+on building Open vSwitch with SSL support.
 
 Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by
 RFC 2246, which is very similar to SSL version 3.0.  TLSv1 was
diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4
index 6fb8609..7bf4fc9 100644
--- a/m4/openvswitch.m4
+++ b/m4/openvswitch.m4
@@ -60,30 +60,34 @@ AC_DEFUN([OVS_CHECK_NETLINK],
                 [Define to 1 if Netlink protocol is available.])
    fi])
 
-dnl Checks for OpenSSL, if --enable-ssl is passed in.
+dnl Checks for OpenSSL.
 AC_DEFUN([OVS_CHECK_OPENSSL],
   [AC_ARG_ENABLE(
      [ssl],
-     [AC_HELP_STRING([--enable-ssl], 
-                     [Enable ssl support (requires libssl)])],
+     [AC_HELP_STRING([--disable-ssl], [Disable OpenSSL support])],
      [case "${enableval}" in
         (yes) ssl=true ;;
         (no)  ssl=false ;;
         (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl]) ;;
       esac],
-     [ssl=false])
+     [ssl=check])
 
-   if test "$ssl" = true; then
+   if test "$ssl" != false; then
        dnl Make sure that pkg-config is installed.
        m4_pattern_forbid([PKG_CHECK_MODULES])
        PKG_CHECK_MODULES([SSL], [libssl], 
          [HAVE_OPENSSL=yes],
          [HAVE_OPENSSL=no
-          AC_MSG_WARN([Cannot find libssl:
+          if test "$ssl" = check; then
+            AC_MSG_WARN([Cannot find libssl:
 
 $SSL_PKG_ERRORS
 
-OpenFlow connections over SSL will not be supported.])])
+OpenFlow connections over SSL will not be supported.
+(You may use --disable-ssl to suppress this warning.)])
+          else
+            AC_MSG_ERROR([Cannot find libssl (use --disable-ssl to configure without SSL support)])
+          fi])
    else
        HAVE_OPENSSL=no
    fi
-- 
1.7.1





More information about the dev mailing list