[ovs-discuss] OVSDB with SSL connection

Paul White paul at plumewifi.com
Fri Jan 6 06:26:20 UTC 2017

Hi Ben,

Thanks for the response.  I'd be happy to work on a patch and submit it

I'll document a few options, and run it by this mailing list.   The
implementation can be done a couple of different ways, based on the
separated layers (reconnect / jsonrpc / stream / etc) and each with their
own pros/cons. I'd love to get input before choosing which way to go.


On Thu, Jan 5, 2017 at 9:01 PM, Ben Pfaff <blp at ovn.org> wrote:

> On Thu, Jan 05, 2017 at 05:50:45PM -0800, Paul White wrote:
> > I am configuring ovsdb-server to connect to a remote manager using SSL.
> I
> > have the certificates configured, and the connection works as long as I
> do
> > not configure a ca-cert.   Configuring a ca-cert causes server-side
> > certificate verification to fail in OpenSSL.
> >
> > I believe this is because I am only allowed to insert an IP address for
> > remote manager target and the remote server is using a certificate
> > generated with it's DNS name, not IP address.
> >
> > Is there a way (or any plans to support) providing a hostname target
> inside
> > the manager table?  This would allow the OpenSSL library to properly
> verify
> > server-side certificate.  Using per-IP certificates is not an option for
> us
> > to due to load balancing and scale.
> We'd accept a working patch.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170105/d0111278/attachment.html>

More information about the discuss mailing list