[ovs-discuss] OVSDB with SSL connection

Paul White paul at plumewifi.com
Fri Jan 6 01:50:45 UTC 2017


Hi all,

I am configuring ovsdb-server to connect to a remote manager using SSL.  I
have the certificates configured, and the connection works as long as I do
not configure a ca-cert.   Configuring a ca-cert causes server-side
certificate verification to fail in OpenSSL.

I believe this is because I am only allowed to insert an IP address for
remote manager target and the remote server is using a certificate
generated with it's DNS name, not IP address.

Is there a way (or any plans to support) providing a hostname target inside
the manager table?  This would allow the OpenSSL library to properly verify
server-side certificate.  Using per-IP certificates is not an option for us
to due to load balancing and scale.

An example:

Works: "ssl:1.2.3.4:443"
Does not work: "ssl:manager.example.com:443"

Thank you,
Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170105/499b736d/attachment.html>


More information about the discuss mailing list