[ovs-git] Open vSwitch: vswitch: Limit SSL table to a single row. (master)

dev at openvswitch.org dev at openvswitch.org
Fri Mar 19 23:58:52 UTC 2010


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Open vSwitch".

The branch, master has been updated
       via  a4230dedddd1909f84947b9c6cdf88a23e10a301 (commit)
       via  78876719e0eaf181a6775417ad41ec5852efa863 (commit)
       via  a976b2eca2bdbc69b9dabf9157b81a98c0e4a9e0 (commit)
       via  ac3005057c9baf5fab366e31e2c18b26685a73e2 (commit)
       via  1af5bea7f37f74acd9aca5d8f2f15344c8c127dc (commit)
       via  415f6c0b1c61c4d957e14062ca4cf47a732e9a24 (commit)
       via  deb1f4336ce5a795e21997e2c394347c00063800 (commit)
      from  af7b73f4706bd565027bfc8b6e5d4a7c8c55a068 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a4230dedddd1909f84947b9c6cdf88a23e10a301
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=a4230dedddd1909f84947b9c6cdf88a23e10a301
Author: Ben Pfaff <blp at nicira.com>
		
vswitch: Limit SSL table to a single row.
		
Only a single row in the SSL can be useful currently.  This should help to
prevent confusion since ovsdb-server will choose an SSL configuration
randomly if there is more than one.


commit 78876719e0eaf181a6775417ad41ec5852efa863
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=78876719e0eaf181a6775417ad41ec5852efa863
Author: Ben Pfaff <blp at nicira.com>
		
ovsdb-server: Obtain SSL configuration from database.
		
ovsdb-server should be able to obtain its SSL configuration from the
database that it is serving out, instead of having to specify it on the
command line.  This commit makes it so.


commit a976b2eca2bdbc69b9dabf9157b81a98c0e4a9e0
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=a976b2eca2bdbc69b9dabf9157b81a98c0e4a9e0
Author: Ben Pfaff <blp at nicira.com>
		
docs: Fix ovsdb-server manpage.
		
The description of --remote=db:table,column got accidentally dropped a
number of commits back, so restore it.  Also, document that ovsdb-server
supports SSL bootstrapping.


commit ac3005057c9baf5fab366e31e2c18b26685a73e2
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=ac3005057c9baf5fab366e31e2c18b26685a73e2
Author: Ben Pfaff <blp at nicira.com>
		
docs: Move PKI section heading into individual manpages.
		
The ovsdb-server manpage needs a paragraph between the heading and the
first option description, so the heading can't go into the common fragment.


commit 1af5bea7f37f74acd9aca5d8f2f15344c8c127dc
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=1af5bea7f37f74acd9aca5d8f2f15344c8c127dc
Author: Ben Pfaff <blp at nicira.com>
		
docs: Make SSL manpage fragments less specific to OpenFlow.
		
These manpage fragments are used in OVSDB manpages as well, so their text
should try to avoid referring to OpenFlow-specific concepts.


commit 415f6c0b1c61c4d957e14062ca4cf47a732e9a24
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=415f6c0b1c61c4d957e14062ca4cf47a732e9a24
Author: Ben Pfaff <blp at nicira.com>
		
stream-ssl: Make no-op reconfiguration cheap.
		
Until now, the stream_ssl functions for configuring private keys,
certificates, and CA certificates have always called into OpenSSL to read
a file.  This commit instead makes them do that only if the file name
changed (or it has been 60 seconds since we last tried, in case someone
installed the file behind our backs).

This allows us to factor some code out of vswitchd.  In an upcoming commit
we will want to do essentially the same thing from ovsdb-server, so this
avoid code redundancy.


commit deb1f4336ce5a795e21997e2c394347c00063800
Diffs: http://openvswitch.org/cgi-bin/gitweb.cgi?p=openvswitch;a=commitdiff;h=deb1f4336ce5a795e21997e2c394347c00063800
Author: Ben Pfaff <blp at nicira.com>
		
stream-ssl: Permit race in bootstrapping CA certificate.
		
If two processes were both configured to bootstrap the CA certificate, then
one of them would succeed in writing it to a file and use it, and the other
one would fail to use it because the file was created behind its back.
This commit fixes the problem by making the bootstrap code accept a CA
certificate file that exists at the time that bootstrapping tries to create
it.


-----------------------------------------------------------------------

Summary of changes:
 debian/openvswitch-switch.init |    3 +
 lib/ssl-bootstrap.man          |    2 +-
 lib/ssl.man                    |    7 +-
 lib/stream-ssl.c               |  150 +++++++++++++++++++++++++---------------
 ovsdb/ovsdb-client.1.in        |    1 +
 ovsdb/ovsdb-server.1.in        |   19 +++++
 ovsdb/ovsdb-server.c           |  109 +++++++++++++++++++++++------
 tests/ovsdb-macros.at          |    3 +-
 tests/ovsdb-server.at          |   54 ++++++++++++++
 utilities/ovs-controller.8.in  |    1 +
 utilities/ovs-ofctl.8.in       |    1 +
 utilities/ovs-openflowd.8.in   |    1 +
 utilities/ovs-vsctl.8.in       |    1 +
 vswitchd/bridge.c              |   45 ++-----------
 vswitchd/ovs-vswitchd.8.in     |    1 +
 vswitchd/vswitch.ovsschema     |    3 +-
 xenserver/etc_init.d_vswitch   |    5 +-
 17 files changed, 281 insertions(+), 125 deletions(-)


hooks/post-receive
-- 
Open vSwitch




More information about the git mailing list