[ovs-discuss] OVSDB with SSL connection
paul at plumewifi.com
Fri Jan 6 06:26:20 UTC 2017
Thanks for the response. I'd be happy to work on a patch and submit it
I'll document a few options, and run it by this mailing list. The
implementation can be done a couple of different ways, based on the
separated layers (reconnect / jsonrpc / stream / etc) and each with their
own pros/cons. I'd love to get input before choosing which way to go.
On Thu, Jan 5, 2017 at 9:01 PM, Ben Pfaff <blp at ovn.org> wrote:
> On Thu, Jan 05, 2017 at 05:50:45PM -0800, Paul White wrote:
> > I am configuring ovsdb-server to connect to a remote manager using SSL.
> > have the certificates configured, and the connection works as long as I
> > not configure a ca-cert. Configuring a ca-cert causes server-side
> > certificate verification to fail in OpenSSL.
> > I believe this is because I am only allowed to insert an IP address for
> > remote manager target and the remote server is using a certificate
> > generated with it's DNS name, not IP address.
> > Is there a way (or any plans to support) providing a hostname target
> > the manager table? This would allow the OpenSSL library to properly
> > server-side certificate. Using per-IP certificates is not an option for
> > to due to load balancing and scale.
> We'd accept a working patch.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the discuss