From: Ben Pfaff <blp@nicira.com>
Date: Tue, 25 Jan 2011 23:27:54 +0000 (-0800)
Subject: vswitchd: Initialize SSL keys before making SSL connections.
X-Git-Url: https://pintos-os.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d6da96ce2b32f477a79f9d980a659ba31f71d191;p=openvswitch

vswitchd: Initialize SSL keys before making SSL connections.

Otherwise, if SSL is configured at startup then the first connection
attempt fails with warnings about keys not be configured.

Bug #4448.
---

diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index 5339154a..ef2a22a9 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -1385,6 +1385,20 @@ bridge_run(void)
     /* (Re)configure if necessary. */
     database_changed = ovsdb_idl_run(idl);
     cfg = ovsrec_open_vswitch_first(idl);
+#ifdef HAVE_OPENSSL
+    /* Re-configure SSL.  We do this on every trip through the main loop,
+     * instead of just when the database changes, because the contents of the
+     * key and certificate files can change without the database changing.
+     *
+     * We do this before bridge_reconfigure() because that function might
+     * initiate SSL connections and thus requires SSL to be configured. */
+    if (cfg && cfg->ssl) {
+        const struct ovsrec_ssl *ssl = cfg->ssl;
+
+        stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
+        stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
+    }
+#endif
     if (database_changed || datapath_destroyed) {
         if (cfg) {
             struct ovsdb_idl_txn *txn = ovsdb_idl_txn_create(idl);
@@ -1404,18 +1418,6 @@ bridge_run(void)
         }
     }
 
-#ifdef HAVE_OPENSSL
-    /* Re-configure SSL.  We do this on every trip through the main loop,
-     * instead of just when the database changes, because the contents of the
-     * key and certificate files can change without the database changing. */
-    if (cfg && cfg->ssl) {
-        const struct ovsrec_ssl *ssl = cfg->ssl;
-
-        stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
-        stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
-    }
-#endif
-
     /* Refresh system and interface stats if necessary. */
     if (time_msec() >= stats_timer) {
         if (cfg) {