[ovs-dev] [PATCH 9/9] ovs-vswitchd: Add ability to bootstrap SSL.
Ben Pfaff
blp at nicira.com
Wed Jan 6 22:41:14 UTC 2010
Thanks. I pushed this series, after making the changes that you
suggested (see other emails).
On Wed, Jan 06, 2010 at 02:02:51PM -0800, Justin Pettit wrote:
> Looks good.
>
> --Justin
>
>
> On Dec 21, 2009, at 1:15 PM, Ben Pfaff wrote:
>
> > ---
> > vswitchd/ovs-vswitchd.8.in | 7 +++----
> > vswitchd/ovs-vswitchd.c | 8 +++++++-
> > 2 files changed, 10 insertions(+), 5 deletions(-)
> >
> > diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
> > index 5a016cd..958265b 100644
> > --- a/vswitchd/ovs-vswitchd.8.in
> > +++ b/vswitchd/ovs-vswitchd.8.in
> > @@ -21,10 +21,7 @@ on the local machine.
> > The mandatory \fIdatabase\fR argument specifies the
> > \fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration
> > should be retrieved. It takes one of the following forms:
> > -.IP "\fBtcp:\fIip\fB:\fIport\fR"
> > -Connect to the given TCP \fIport\fR on \fIip\fR.
> > -.IP "\fBunix:\fIfile\fR"
> > -Connect to the Unix domain server socket named \fIfile\fR.
> > +.so ovsdb/remote-active.man
> > .PP
> > \fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at
> > startup. It sets up Open vSwitch datapaths and then operates
> > @@ -82,6 +79,8 @@ actually in use. It requires the \fBbrcompat_mod.ko\fR kernel module
> > to be loaded.
> > .
> > .so lib/daemon.man
> > +.so lib/ssl.man
> > +.so lib/ssl-bootstrap.man
> > .so lib/vlog.man
> > .so lib/common.man
> > .so lib/leak-checker.man
> > diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
> > index 1d1fa29..6b7ad4e 100644
> > --- a/vswitchd/ovs-vswitchd.c
> > +++ b/vswitchd/ovs-vswitchd.c
> > @@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
> > OPT_PEER_CA_CERT = UCHAR_MAX + 1,
> > OPT_FAKE_PROC_NET,
> > VLOG_OPTION_ENUMS,
> > - LEAK_CHECKER_OPTION_ENUMS
> > + LEAK_CHECKER_OPTION_ENUMS,
> > + OPT_BOOTSTRAP_CA_CERT
> > };
> > static struct option long_options[] = {
> > {"help", no_argument, 0, 'h'},
> > @@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
> > #ifdef HAVE_OPENSSL
> > STREAM_SSL_LONG_OPTIONS
> > {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
> > + {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
> > #endif
> > {0, 0, 0, 0},
> > };
> > @@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
> > case OPT_PEER_CA_CERT:
> > stream_ssl_set_peer_ca_cert_file(optarg);
> > break;
> > +
> > + case OPT_BOOTSTRAP_CA_CERT:
> > + stream_ssl_set_ca_cert_file(optarg, true);
> > + break;
> > #endif
> >
> > case '?':
> > --
> > 1.6.3.3
> >
> >
> > _______________________________________________
> > dev mailing list
> > dev at openvswitch.org
> > http://openvswitch.org/mailman/listinfo/dev_openvswitch.org
>
More information about the dev
mailing list