Make it easier to bootstrap the PKI for SSL connections in OpenFlow.
[openvswitch] / switch / switch.c
index cd14f051ea06e55ea4656d0debf868a9abdc3fb4..a7624126cd51c92f07375845a774cc14410910ee 100644 (file)
@@ -68,7 +68,7 @@ char serial_num[SERIAL_NUM_LEN] = "None";
 static void parse_options(int argc, char *argv[]);
 static void usage(void) NO_RETURN;
 
-static const char *listen_vconn_name;
+static const char *listen_pvconn_name;
 static struct datapath *dp;
 static uint64_t dpid = UINT64_MAX;
 static char *port_list;
@@ -102,18 +102,15 @@ main(int argc, char *argv[])
         ofp_fatal(0, "no support for %s vconn", argv[optind]);
     }
     error = dp_new(&dp, dpid, rconn);
-    if (listen_vconn_name) {
-        struct vconn *listen_vconn;
+    if (listen_pvconn_name) {
+        struct pvconn *listen_pvconn;
         int retval;
-        
-        retval = vconn_open(listen_vconn_name, &listen_vconn);
+
+        retval = pvconn_open(listen_pvconn_name, &listen_pvconn);
         if (retval && retval != EAGAIN) {
-            ofp_fatal(retval, "opening %s", listen_vconn_name);
-        }
-        if (!vconn_is_passive(listen_vconn)) {
-            ofp_fatal(0, "%s is not a passive vconn", listen_vconn_name);
+            ofp_fatal(retval, "opening %s", listen_pvconn_name);
         }
-        dp_add_listen_vconn(dp, listen_vconn);
+        dp_add_listen_pvconn(dp, listen_pvconn);
     }
     if (error) {
         ofp_fatal(error, "could not create datapath");
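Review bot: The `retval != EAGAIN` exemption carried over onto `pvconn_open()` lets the code reach `dp_add_listen_pvconn(dp, listen_pvconn)` with `listen_pvconn` never assigned, because it is declared without an initializer. Whether `pvconn_open()` can actually return EAGAIN is not visible here, but for a passive listener a plain `if (retval) { ofp_fatal(retval, "opening %s", listen_pvconn_name); }` looks safer, with `struct pvconn *listen_pvconn = NULL;` as a backstop. Separately, `error` from `dp_new()` is only tested after this block, so on failure `dp` is handed to `dp_add_listen_pvconn()` before the "could not create datapath" check runs; moving that check directly under the `dp_new()` call would close the gap. The body of `main` continues outside the hunk, so any later handling is not visible here.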
@@ -165,7 +162,8 @@ parse_options(int argc, char *argv[])
         OPT_MFR_DESC,
         OPT_HW_DESC,
         OPT_SW_DESC,
-        OPT_SERIAL_NUM
+        OPT_SERIAL_NUM,
+        OPT_BOOTSTRAP_CA_CERT
     };
 
     static struct option long_options[] = {
@@ -183,7 +181,10 @@ parse_options(int argc, char *argv[])
         {"hw-desc",     required_argument, 0, OPT_HW_DESC},
         {"sw-desc",     required_argument, 0, OPT_SW_DESC},
         {"serial_num",  required_argument, 0, OPT_SERIAL_NUM},
+#ifdef HAVE_OPENSSL
         VCONN_SSL_LONG_OPTIONS
+        {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
+#endif
         {0, 0, 0, 0},
     };
     char *short_options = long_options_to_short_options(long_options);
@@ -268,14 +269,20 @@ parse_options(int argc, char *argv[])
             break;
 
         case 'l':
-            if (listen_vconn_name) {
+            if (listen_pvconn_name) {
                 ofp_fatal(0, "-l or --listen may be only specified once");
             }
-            listen_vconn_name = optarg;
+            listen_pvconn_name = optarg;
             break;
 
+#ifdef HAVE_OPENSSL
         VCONN_SSL_OPTION_HANDLERS
 
+        case OPT_BOOTSTRAP_CA_CERT:
+            vconn_ssl_set_ca_cert_file(optarg, true);
+            break;
+#endif
+
         case '?':
             exit(EXIT_FAILURE);
 
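Review bot: The new `OPT_BOOTSTRAP_CA_CERT` case passes `true` to `vconn_ssl_set_ca_cert_file()` with nothing at the call site explaining how that weakens the trust model compared with the ordinary CA-certificate option. Going by the commit title, the flag presumably lets the switch obtain the CA certificate from the peer when the file does not yet exist, which would make the first connection trust-on-first-use. If so, a comment such as `/* Bootstrap mode: CA cert may be accepted from the peer on first connect; unauthenticated until the file exists. */` would help, and the usage text should say the same. It is also worth confirming what happens when this option and the regular CA-cert option are both given, since each would set the same CA file and the later one would presumably win silently. The `parse_options` switch starts and ends outside the hunk.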
@@ -293,7 +300,7 @@ usage(void)
            "usage: %s [OPTIONS] CONTROLLER\n"
            "where CONTROLLER is an active OpenFlow connection method.\n",
            program_name, program_name);
-    vconn_usage(true, true);
+    vconn_usage(true, true, true);
     printf("\nConfiguration options:\n"
            "  -i, --interfaces=NETDEV[,NETDEV]...\n"
            "                          add specified initial switch ports\n"