X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=vswitchd%2Fmgmt.c;h=e2cc4f1f866f85dc50dc4aa6740576be06b69949;hb=8cc013b20f730d394b89748b4b5fae27821ed908;hp=ce9d9f3341ee417d55959b3c79297f28ad0c8bd8;hpb=7c77c24dbd2563df398ae15f04304fe7a2f3c659;p=openvswitch diff --git a/vswitchd/mgmt.c b/vswitchd/mgmt.c index ce9d9f33..e2cc4f1f 100644 --- a/vswitchd/mgmt.c +++ b/vswitchd/mgmt.c @@ -19,6 +19,9 @@ #include #include #include +#include +#include +#include #include "bridge.h" #include "cfg.h" @@ -101,6 +104,7 @@ mgmt_configure_ssl(void) static char *private_key_file; static char *certificate_file; static char *cacert_file; + struct stat s; /* XXX SSL should be configurable separate from the bridges. * XXX should be possible to de-configure SSL. */ @@ -112,7 +116,13 @@ mgmt_configure_ssl(void) vconn_ssl_set_certificate_file(certificate_file); } - if (config_string_change("ssl.ca-cert", &cacert_file)) { + /* We assume that even if the filename hasn't changed, if the CA cert + * file has been removed, that we want to move back into + * boot-strapping mode. This opens a small security hole, because + * the old certificate will still be trusted until vSwitch is + * restarted. We may want to address this in vconn's SSL library. */ + if (config_string_change("ssl.ca-cert", &cacert_file) + || (stat(cacert_file, &s) && errno == ENOENT)) { vconn_ssl_set_ca_cert_file(cacert_file, cfg_get_bool(0, "ssl.bootstrap-ca-cert")); } @@ -516,20 +526,6 @@ send_config_update_ack(uint32_t xid, bool success) send_openflow_buffer(buffer); } -static void -send_ofmp_error_msg(uint32_t xid, uint16_t type, uint16_t code, - const void *data, size_t len) -{ - struct ofpbuf *buffer; - struct ofmp_error_msg *oem; - - oem = make_ofmp_xid(sizeof(*oem)+len, OFMPT_ERROR, xid, &buffer); - oem->type = htons(type); - oem->code = htons(code); - memcpy(oem->data, data, len); - send_openflow_buffer(buffer); -} - static void send_error_msg(uint32_t xid, uint16_t type, uint16_t code, const void *data, size_t len)