[ovs-dev] [PATCH 9/9] ovs-vswitchd: Add ability to bootstrap SSL.

Justin Pettit jpettit at nicira.com
Wed Jan 6 14:02:51 PST 2010


Looks good. 

--Justin


On Dec 21, 2009, at 1:15 PM, Ben Pfaff wrote:

> ---
> vswitchd/ovs-vswitchd.8.in |    7 +++----
> vswitchd/ovs-vswitchd.c    |    8 +++++++-
> 2 files changed, 10 insertions(+), 5 deletions(-)
> 
> diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
> index 5a016cd..958265b 100644
> --- a/vswitchd/ovs-vswitchd.8.in
> +++ b/vswitchd/ovs-vswitchd.8.in
> @@ -21,10 +21,7 @@ on the local machine.
> The mandatory \fIdatabase\fR argument specifies the
> \fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration
> should be retrieved.  It takes one of the following forms:
> -.IP "\fBtcp:\fIip\fB:\fIport\fR"
> -Connect to the given TCP \fIport\fR on \fIip\fR.
> -.IP "\fBunix:\fIfile\fR"
> -Connect to the Unix domain server socket named \fIfile\fR.
> +.so ovsdb/remote-active.man
> .PP
> \fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at
> startup.  It sets up Open vSwitch datapaths and then operates
> @@ -82,6 +79,8 @@ actually in use.  It requires the \fBbrcompat_mod.ko\fR kernel module
> to be loaded.
> .
> .so lib/daemon.man
> +.so lib/ssl.man
> +.so lib/ssl-bootstrap.man
> .so lib/vlog.man
> .so lib/common.man
> .so lib/leak-checker.man
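
Review bot: The two added includes, lib/ssl.man and lib/ssl-bootstrap.man, are pulled in unconditionally, whereas ovs-vswitchd.c in this same patch accepts --bootstrap-ca-cert only under #ifdef HAVE_OPENSSL. A build without OpenSSL would ship a manpage that documents options the binary rejects. Consider a sentence in the manpage saying these options are available only when Open vSwitch is built with SSL support.
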
> diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
> index 1d1fa29..6b7ad4e 100644
> --- a/vswitchd/ovs-vswitchd.c
> +++ b/vswitchd/ovs-vswitchd.c
> @@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
>         OPT_PEER_CA_CERT = UCHAR_MAX + 1,
>         OPT_FAKE_PROC_NET,
>         VLOG_OPTION_ENUMS,
> -        LEAK_CHECKER_OPTION_ENUMS
> +        LEAK_CHECKER_OPTION_ENUMS,
> +        OPT_BOOTSTRAP_CA_CERT
>     };
>     static struct option long_options[] = {
>         {"help",        no_argument, 0, 'h'},
> @@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
> #ifdef HAVE_OPENSSL
>         STREAM_SSL_LONG_OPTIONS
>         {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
> +        {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
> #endif
>         {0, 0, 0, 0},
>     };
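
Review bot: The new {"bootstrap-ca-cert", ...} entry in long_options has no matching change to the help output. The diffstat's 7 insertions and 1 deletion for ovs-vswitchd.c are fully accounted for by the three hunks shown, and none of them touches usage text. If usage() lists --peer-ca-cert by hand, it should list --bootstrap-ca-cert as well so that --help and the manpage agree.
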
> @@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
>         case OPT_PEER_CA_CERT:
>             stream_ssl_set_peer_ca_cert_file(optarg);
>             break;
> +
> +        case OPT_BOOTSTRAP_CA_CERT:
> +            stream_ssl_set_ca_cert_file(optarg, true);
> +            break;
> #endif
> 
>         case '?':
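
Review bot: In the new case OPT_BOOTSTRAP_CA_CERT, the bare `true` passed to stream_ssl_set_ca_cert_file() does not say what it enables; a short comment or a named constant marking it as the bootstrap flag would make the call self-explanatory. The hunk also does not show what happens when this option is combined with another option that sets the CA certificate file. Since the choice decides how the CA certificate comes to be trusted, the precedence should be defined and documented, or the combination rejected, rather than left to argument order.
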
> -- 
> 1.6.3.3
> 
> 




