From 6f61c75b17a9906f88aae4b4a8fbdc12070cf34f Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Mon, 21 Dec 2009 13:06:47 -0800
Subject: [PATCH] ovs-vswitchd: Add ability to bootstrap SSL.
---
 vswitchd/ovs-vswitchd.8.in | 7 +++----
 vswitchd/ovs-vswitchd.c | 8 +++++++-
 2 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/vswitchd/ovs-vswitchd.8.in b/vswitchd/ovs-vswitchd.8.in
index 5a016cd0..958265be 100644
--- a/vswitchd/ovs-vswitchd.8.in
+++ b/vswitchd/ovs-vswitchd.8.in
@@ -21,10 +21,7 @@ on the local machine. The mandatory \fIdatabase\fR argument specifies the \fBovsdb\-server\fR from which \fBovs\-vswitchd\fR's configuration should be retrieved. It takes one of the following forms:
-.IP "\fBtcp:\fIip\fB:\fIport\fR"
-Connect to the given TCP \fIport\fR on \fIip\fR.
-.IP "\fBunix:\fIfile\fR"
-Connect to the Unix domain server socket named \fIfile\fR.
+.so ovsdb/remote-active.man
 .PP
 \fBovs\-vswitchd\fR retrieves its configuration from \fIdatabase\fR at startup. It sets up Open vSwitch datapaths and then operates
@@ -82,6 +79,8 @@ actually in use. It requires the \fBbrcompat_mod.ko\fR kernel module to be loaded.
 .
 .so lib/daemon.man
+.so lib/ssl.man
+.so lib/ssl-bootstrap.man
 .so lib/vlog.man
 .so lib/common.man
 .so lib/leak-checker.man
diff --git a/vswitchd/ovs-vswitchd.c b/vswitchd/ovs-vswitchd.c
index 1d1fa291..6b7ad4e4 100644
--- a/vswitchd/ovs-vswitchd.c
+++ b/vswitchd/ovs-vswitchd.c
@@ -138,7 +138,8 @@ parse_options(int argc, char *argv[])
 OPT_PEER_CA_CERT = UCHAR_MAX + 1,
 OPT_FAKE_PROC_NET,
 VLOG_OPTION_ENUMS,
- LEAK_CHECKER_OPTION_ENUMS
+ LEAK_CHECKER_OPTION_ENUMS,
+ OPT_BOOTSTRAP_CA_CERT
 };
 static struct option long_options[] = {
 {"help", no_argument, 0, 'h'},
@@ -150,6 +151,7 @@ parse_options(int argc, char *argv[])
 #ifdef HAVE_OPENSSL
 STREAM_SSL_LONG_OPTIONS
 {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
+ {"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
 #endif
 {0, 0, 0, 0},
 };
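Review bot: `--bootstrap-ca-cert` is registered in `long_options` in the hunk at -150,6, but the three hunks in this file account for all 8 changed lines in the diffstat and none of them touches help output, so `--help` presumably does not mention the new option. If the usage text in this file lists the SSL options, it should gain a line such as `--bootstrap-ca-cert=FILE  use FILE as CA certificate, fetched from the peer if FILE is absent` (wording is a suggestion only). As a smaller style point, the enum hunk at -138,7 puts `OPT_BOOTSTRAP_CA_CERT` after the macro-expanded lists instead of next to `OPT_PEER_CA_CERT`; keeping the two SSL values adjacent would read better. Both hunks sit inside parse_options, whose body starts and ends outside them.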
@@ -191,6 +193,10 @@ parse_options(int argc, char *argv[])
 case OPT_PEER_CA_CERT:
 stream_ssl_set_peer_ca_cert_file(optarg);
 break;
+
+ case OPT_BOOTSTRAP_CA_CERT:
+ stream_ssl_set_ca_cert_file(optarg, true);
+ break;
 #endif
 case '?':
-- 
2.30.2
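Review bot: The bare `true` in `stream_ssl_set_ca_cert_file(optarg, true);` hides the security-relevant part of this case. Judging by the option name and the newly included lib/ssl-bootstrap.man, it turns on bootstrap mode, where a missing CA certificate file is filled in from the peer on the first SSL connection, and that first connection cannot be authenticated. A comment above the call would make the trust assumption visible, e.g. `/* Bootstrap (trust on first use): if the file is absent, the CA cert is taken from the first peer, unauthenticated. */`. The hunk also does not show how this interacts with a plain `--ca-cert` on the same command line; if both write the same setting, the later option silently wins, so rejecting the combination or documenting the precedence would keep an operator from running in bootstrap mode unknowingly. The enclosing switch in parse_options starts and ends outside the hunk.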