[ovs-dev] [PATCH 9/9] ovs-vswitchd: Add ability to bootstrap SSL.

Ben Pfaff blp at nicira.com
Wed Jan 6 22:41:14 UTC 2010


Thanks.  I pushed this series, after making the changes that you
suggested (see other emails).

On Wed, Jan 06, 2010 at 02:02:51PM -0800, Justin Pettit wrote:
> Looks good. 
> 
> --Justin
> 
> 
> On Dec 21, 2009, at 1:15 PM, Ben Pfaff wrote:
> 
> > ---
> > vswitchd/ovs-vswitchd.8.in |    7 +++----
> > vswitchd/ovs-vswitchd.c    |    8 +++++++-
> > 2 files changed, 10 insertions(+), 5 deletions(-)
> > 
> > diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
> > index 5a016cd..958265b 100644
> > --- a/vswitchd/ovs-vswitchd.8.in
> > +++ b/vswitchd/ovs-vswitchd.8.in
> > @@ -21,10 +21,7 @@ on the local machine.
> > The mandatory \fIdatabase\fR argument specifies the
> > \fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration
> > should be retrieved.  It takes one of the following forms:
> > -.IP "\fBtcp:\fIip\fB:\fIport\fR"
> > -Connect to the given TCP \fIport\fR on \fIip\fR.
> > -.IP "\fBunix:\fIfile\fR"
> > -Connect to the Unix domain server socket named \fIfile\fR.
> > +.so ovsdb/remote-active.man
> > .PP
> > \fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at
> > startup.  It sets up Open vSwitch datapaths and then operates
> > @@ -82,6 +79,8 @@ actually in use.  It requires the \fBbrcompat_mod.ko\fR kernel module
> > to be loaded.
> > .
> > .so lib/daemon.man
> > +.so lib/ssl.man
> > +.so lib/ssl-bootstrap.man
> > .so lib/vlog.man
> > .so lib/common.man
> > .so lib/leak-checker.man
> > diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
> > index 1d1fa29..6b7ad4e 100644
> > --- a/vswitchd/ovs-vswitchd.c
> > +++ b/vswitchd/ovs-vswitchd.c
> > @@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
> >         OPT_PEER_CA_CERT = UCHAR_MAX + 1,
> >         OPT_FAKE_PROC_NET,
> >         VLOG_OPTION_ENUMS,
> > -        LEAK_CHECKER_OPTION_ENUMS
> > +        LEAK_CHECKER_OPTION_ENUMS,
> > +        OPT_BOOTSTRAP_CA_CERT
> >     };
> >     static struct option long_options[] = {
> >         {"help",        no_argument, 0, 'h'},
> > @@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
> > #ifdef HAVE_OPENSSL
> >         STREAM_SSL_LONG_OPTIONS
> >         {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
> > +        {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
> > #endif
> >         {0, 0, 0, 0},
> >     };
> > @@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
> >         case OPT_PEER_CA_CERT:
> >             stream_ssl_set_peer_ca_cert_file(optarg);
> >             break;
> > +
> > +        case OPT_BOOTSTRAP_CA_CERT:
> > +            stream_ssl_set_ca_cert_file(optarg, true);
> > +            break;
> > #endif
> > 
> >         case '?':
> > -- 
> > 1.6.3.3
> > 
> > 
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
> 




More information about the dev mailing list