stream-ssl: Make it possible to avoid checking peer SSL certificate.

In Citrix XenServer, the hosts have SSL private keys and certificates, but those certificates are not signed by any certificate authority. So we must provide a way to avoid checking certificates against a CA if we want other OVS tools to be able to talk to XenServer hosts over SSL. This commit makes that possible.
author: Ben Pfaff <blp@nicira.com> 2010-03-23 17:19:36 -0700
committer: Ben Pfaff <blp@nicira.com> 2010-04-12 11:03:32 -0700
commit: ba104a1e39de45a2f33da0a132a17646da1ef931 (patch)
tree: c06b66bae00b64a1eed65cd2fe069b09d96985dd /lib/ssl.man
parent: 26ad129e69fc7c800630dbd541dc2dcc8150c3a4 (diff)
download: openvswitch-ba104a1e39de45a2f33da0a132a17646da1ef931.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/ssl.man b/lib/ssl.man
index 63f56d5ff..5f0215c01 100644
--- a/lib/ssl.man
+++ b/lib/ssl.man
@@ -22,3 +22,9 @@ should use to verify certificates presented to it by SSL peers.  (This
 may be the same certificate that SSL peers use to verify the
 certificate specified on \fB\-c\fR or \fB\-\-certificate\fR, or it may
 be a different one, depending on the PKI design in use.)
+.
+.IP "\fB\-C none\fR"
+.IQ "\fB\-\-ca\-cert=none\fR"
+Disables verification of certificates presented by SSL peers.  This
+introduces a security risk, because it means that certificates cannot
+be verified to be those of known trusted hosts.
author	Ben Pfaff <blp@nicira.com>	2010-03-23 17:19:36 -0700
committer	Ben Pfaff <blp@nicira.com>	2010-04-12 11:03:32 -0700
commit	ba104a1e39de45a2f33da0a132a17646da1ef931 (patch)
tree	c06b66bae00b64a1eed65cd2fe069b09d96985dd /lib/ssl.man
parent	26ad129e69fc7c800630dbd541dc2dcc8150c3a4 (diff)
download	openvswitch-ba104a1e39de45a2f33da0a132a17646da1ef931.tar.gz