ovs-vswitchd: Add ability to bootstrap SSL.

author Ben Pfaff <blp@nicira.com>

Mon, 21 Dec 2009 21:06:47 +0000 (13:06 -0800)

committer Ben Pfaff <blp@nicira.com>

Wed, 6 Jan 2010 22:35:21 +0000 (14:35 -0800)
author Ben Pfaff <blp@nicira.com>
Mon, 21 Dec 2009 21:06:47 +0000 (13:06 -0800)
committer Ben Pfaff <blp@nicira.com>
Wed, 6 Jan 2010 22:35:21 +0000 (14:35 -0800)
diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in

index 5a016cd0adad3334e836d74345c45152b6b49327..958265be907e2858c4749921c335e4a8a0279586 100644 (file)
--- a/vswitchd/ovs-vswitchd.8.in
+++ b/vswitchd/ovs-vswitchd.8.in
@@ -21,10 +21,7 @@ on the local machine.
  The mandatory \fIdatabase\fR argument specifies the
  \fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration
  should be retrieved.  It takes one of the following forms:
-.IP "\fBtcp:\fIip\fB:\fIport\fR"
-Connect to the given TCP \fIport\fR on \fIip\fR.
-.IP "\fBunix:\fIfile\fR"
-Connect to the Unix domain server socket named \fIfile\fR.
+.so ovsdb/remote-active.man
  .PP
  \fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at
  startup.  It sets up Open vSwitch datapaths and then operates
@@ -82,6 +79,8 @@ actually in use.  It requires the \fBbrcompat_mod.ko\fR kernel module
  to be loaded.
  .
  .so lib/daemon.man
+.so lib/ssl.man
+.so lib/ssl-bootstrap.man
  .so lib/vlog.man
  .so lib/common.man
  .so lib/leak-checker.man
diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c

index 1d1fa291f1e6ce91ea5a5cf5bc2d91b1b8a16837..6b7ad4e4bd270318fc6a77df2d4107a78cc88190 100644 (file)
--- a/vswitchd/ovs-vswitchd.c
+++ b/vswitchd/ovs-vswitchd.c
@@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
          OPT_PEER_CA_CERT = UCHAR_MAX + 1,
          OPT_FAKE_PROC_NET,
          VLOG_OPTION_ENUMS,
-        LEAK_CHECKER_OPTION_ENUMS
+        LEAK_CHECKER_OPTION_ENUMS,
+        OPT_BOOTSTRAP_CA_CERT
      };
      static struct option long_options[] = {
          {"help",        no_argument, 0, 'h'},
@@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
  #ifdef HAVE_OPENSSL
          STREAM_SSL_LONG_OPTIONS
          {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
+        {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
  #endif
          {0, 0, 0, 0},
      };
@@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
          case OPT_PEER_CA_CERT:
              stream_ssl_set_peer_ca_cert_file(optarg);
              break;
+
+        case OPT_BOOTSTRAP_CA_CERT:
+            stream_ssl_set_ca_cert_file(optarg, true);
+            break;
  #endif
  
          case '?':
author	Ben Pfaff <blp@nicira.com>
	Mon, 21 Dec 2009 21:06:47 +0000 (13:06 -0800)
committer	Ben Pfaff <blp@nicira.com>
	Wed, 6 Jan 2010 22:35:21 +0000 (14:35 -0800)
vswitchd/ovs-vswitchd.8.in		patch \| blob \| history
vswitchd/ovs-vswitchd.c		patch \| blob \| history