[ovs-discuss] OVSDB with SSL connection

Paul White paul at plumewifi.com
Fri Jan 6 06:26:20 UTC 2017


Hi Ben,

Thanks for the response.  I'd be happy to work on a patch and submit it
back.

I'll document a few options, and run it by this mailing list.   The
implementation can be done a couple of different ways, based on the
separated layers (reconnect / jsonrpc / stream / etc) and each with their
own pros/cons. I'd love to get input before choosing which way to go.

Thanks,
Paul


On Thu, Jan 5, 2017 at 9:01 PM, Ben Pfaff <blp at ovn.org> wrote:

> On Thu, Jan 05, 2017 at 05:50:45PM -0800, Paul White wrote:
> > I am configuring ovsdb-server to connect to a remote manager using SSL. I
> > have the certificates configured, and the connection works as long as I do
> > not configure a ca-cert. Configuring a ca-cert causes server-side
> > certificate verification to fail in OpenSSL.
> >
> > I believe this is because I am only allowed to insert an IP address for
> > remote manager target and the remote server is using a certificate
> > generated with its DNS name, not IP address.
> >
> > Is there a way (or any plans to support) providing a hostname target inside
> > the manager table? This would allow the OpenSSL library to properly verify
> > server-side certificate. Using per-IP certificates is not an option for us
> > due to load balancing and scale.
>
> We'd accept a working patch.
>