From: Justin Pettit <jpettit@nicira.com>
Date: Thu, 12 Mar 2009 01:41:12 +0000 (-0700)
Subject: Indicate that SSL configuration is global in vswitchd.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0e1bb45dd2e8ae16c993b3408d208a98f466234d;p=openvswitch

Indicate that SSL configuration is global in vswitchd.

The vconn-ssl library only supports global settings for keys and other
SSL configuration.  Make vswitchd.conf mgmt use "ssl." instead of
"mgmt.ssl." to relect that the settings are shared with the bridges.
---

diff --git a/vswitchd/mgmt.c b/vswitchd/mgmt.c
index 8d822d85..4c312ae3 100644
--- a/vswitchd/mgmt.c
+++ b/vswitchd/mgmt.c
@@ -107,17 +107,19 @@ mgmt_configure_ssl(void)
     static char *certificate_file;
     static char *cacert_file;
 
-    if (config_string_change("mgmt.ssl.private-key", &private_key_file)) {
+    /* XXX SSL should be configurable separate from the bridges.
+     * XXX should be possible to de-configure SSL. */
+    if (config_string_change("ssl.private-key", &private_key_file)) {
         vconn_ssl_set_private_key_file(private_key_file);
     }
 
-    if (config_string_change("mgmt.ssl.certificate", &certificate_file)) {
+    if (config_string_change("ssl.certificate", &certificate_file)) {
         vconn_ssl_set_certificate_file(certificate_file);
     }
 
-    if (config_string_change("mgmt.ssl.ca-cert", &cacert_file)) {
+    if (config_string_change("ssl.ca-cert", &cacert_file)) {
         vconn_ssl_set_ca_cert_file(cacert_file,
-                cfg_get_bool(0, "mgmt.ssl.bootstrap-ca-cert"));
+                cfg_get_bool(0, "ssl.bootstrap-ca-cert"));
     }
 }
 #endif
diff --git a/vswitchd/vswitchd.conf.5 b/vswitchd/vswitchd.conf.5
index 92c16e19..09921640 100644
--- a/vswitchd/vswitchd.conf.5
+++ b/vswitchd/vswitchd.conf.5
@@ -375,9 +375,9 @@ following forms:
 .TP
 \fBssl:\fIhost\fR[\fB:\fIport\fR]
 The specified SSL \fIport\fR (default: 6633) on the given remote
-\fIhost\fR.  The \fBmgmt.ssl.private-key\fR, \fBmgmt.ssl.certificate\fR,
-and \fBmgmt.ssl.ca-cert\fR keys must be set appropriately.  If the
-\fBmgmt.ssl.bootstrap-ca-cert\fR key is set to "true", then
+\fIhost\fR.  The \fBssl.private-key\fR, \fBssl.certificate\fR,
+and \fBssl.ca-cert\fR keys must be set appropriately.  If the
+\fBssl.bootstrap-ca-cert\fR key is set to "true", then
 \fBvswitchd\fR will attempt to obtain the CA certificate from the
 controller.
 .