From f272ec7373a11a5917c9f3aca56969a48eec2f96 Mon Sep 17 00:00:00 2001 From: Ben Pfaff Date: Fri, 20 Aug 2010 11:26:03 -0700 Subject: [PATCH] configure: Enable OpenSSL support by default. Years ago some users had broken OpenSSL libraries that didn't actually work, so we disabled OpenSSL by default. By now, I hope that those users have fixed their systems. --- INSTALL.Linux | 5 +++-- INSTALL.SSL | 10 ++++------ m4/openvswitch.m4 | 18 +++++++++++------- 3 files changed, 18 insertions(+), 15 deletions(-) diff --git a/INSTALL.Linux b/INSTALL.Linux index 3088f8cb..3ae67d04 100644 --- a/INSTALL.Linux +++ b/INSTALL.Linux @@ -24,8 +24,9 @@ you will need the following software: - libssl, from OpenSSL, is optional but recommended if you plan to connect the Open vSwitch to an OpenFlow controller. libssl is required to establish confidentiality and authenticity in the - connections from an Open vSwitch to an OpenFlow controller. To - enable, configure with --enable-ssl=yes. + connections from an Open vSwitch to an OpenFlow controller. If + libssl is installed, then Open vSwitch will automatically build + with support for it. To compile the kernel module, you must also install the following. If you cannot build or install the kernel module, you may use the diff --git a/INSTALL.SSL b/INSTALL.SSL index 3b625fbd..f322b413 100644 --- a/INSTALL.SSL +++ b/INSTALL.SSL 
@@ -2,15 +2,13 @@ ================================ If you plan to configure Open vSwitch to connect across the network to -an OpenFlow controller, then we recommend that you configure and -enable SSL support in Open vSwitch. SSL support ensures integrity and -confidentiality of the OpenFlow connections, increasing network -security. +an OpenFlow controller, then we recommend that you build Open vSwitch +with OpenSSL. SSL support ensures integrity and confidentiality of +the OpenFlow connections, increasing network security. This file explains how to configure an Open vSwitch to connect to an OpenFlow controller over SSL. Refer to INSTALL.Linux for instructions -on building Open vSwitch with SSL support. (In particular, you must -pass --enable-ssl to the "configure" script to use SSL.) +on building Open vSwitch with SSL support. Open vSwitch uses TLS version 1.0 or later (TLSv1), as specified by RFC 2246, which is very similar to SSL version 3.0. TLSv1 was diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4 index d3e9f9f0..5d77ca24 100644 --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 
@@ -60,30 +60,34 @@ AC_DEFUN([OVS_CHECK_NETLINK], [Define to 1 if Netlink protocol is available.]) fi]) -dnl Checks for OpenSSL, if --enable-ssl is passed in. +dnl Checks for OpenSSL. AC_DEFUN([OVS_CHECK_OPENSSL], [AC_ARG_ENABLE( [ssl], - [AC_HELP_STRING([--enable-ssl], - [Enable ssl support (requires libssl)])], + [AC_HELP_STRING([--disable-ssl], [Disable OpenSSL support])], [case "${enableval}" in (yes) ssl=true ;; (no) ssl=false ;; (*) AC_MSG_ERROR([bad value ${enableval} for --enable-ssl]) ;; esac], - [ssl=false]) + [ssl=check]) - if test "$ssl" = true; then + if test "$ssl" != false; then dnl Make sure that pkg-config is installed. m4_pattern_forbid([PKG_CHECK_MODULES]) PKG_CHECK_MODULES([SSL], [libssl], [HAVE_OPENSSL=yes], [HAVE_OPENSSL=no - AC_MSG_WARN([Cannot find libssl: + if test "$ssl" = check; then + AC_MSG_WARN([Cannot find libssl: $SSL_PKG_ERRORS -OpenFlow connections over SSL will not be supported.])]) +OpenFlow connections over SSL will not be supported. +(You may use --disable-ssl to suppress this warning.)]) + else + AC_MSG_ERROR([Cannot find libssl (use --disable-ssl to configure without SSL support)]) + fi]) else HAVE_OPENSSL=no fi -- 2.30.2
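Review bot: In the default `ssl=check` path a missing libssl only triggers `AC_MSG_WARN`, so configure succeeds and produces a build without SSL support for OpenFlow connections. The fatal `AC_MSG_ERROR` path is reached only when `--enable-ssl` is passed explicitly, and neither the new help string nor the `dnl` comment says so. I would document the three states above the macro, for example `dnl Checks for OpenSSL. Default: auto-detect, warn if missing. --enable-ssl: missing libssl is fatal. --disable-ssl: skip the check.`, so that builds which depend on SSL know to pass `--enable-ssl`. The new error branch also omits `$SSL_PKG_ERRORS`, which the warning branch prints; adding it to the `AC_MSG_ERROR` text would show why the pkg-config lookup failed.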