author | Ben Pfaff <blp@nicira.com> | 2010-03-23 17:19:36 -0700 |
---|---|---|
committer | Ben Pfaff <blp@nicira.com> | 2010-04-12 11:03:32 -0700 |
commit | ba104a1e39de45a2f33da0a132a17646da1ef931 (patch) | |
tree | c06b66bae00b64a1eed65cd2fe069b09d96985dd /lib/ssl.man | |
parent | 26ad129e69fc7c800630dbd541dc2dcc8150c3a4 (diff) | |
download | openvswitch-ba104a1e39de45a2f33da0a132a17646da1ef931.tar.gz |
stream-ssl: Make it possible to avoid checking peer SSL certificate.
In Citrix XenServer, the hosts have SSL private keys and certificates, but
those certificates are not signed by any certificate authority. So we
must provide a way to avoid checking certificates against a CA if we want
other OVS tools to be able to talk to XenServer hosts over SSL. This
commit makes that possible.
Diffstat (limited to 'lib/ssl.man')
-rw-r--r-- | lib/ssl.man | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/ssl.man b/lib/ssl.man index 63f56d5ff..5f0215c01 100644 --- a/lib/ssl.man +++ b/lib/ssl.man @@ -22,3 +22,9 @@ should use to verify certificates presented to it by SSL peers. (This may be the same certificate that SSL peers use to verify the certificate specified on \fB\-c\fR or \fB\-\-certificate\fR, or it may be a different one, depending on the PKI design in use.) +. +.IP "\fB\-C none\fR" +.IQ "\fB\-\-ca\-cert=none\fR" +Disables verification of certificates presented by SSL peers. This +introduces a security risk, because it means that certificates cannot +be verified to be those of known trusted hosts. |
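Review bot: The new `-C none` / `--ca-cert=none` entry in lib/ssl.man says only that this "introduces a security risk" and does not say what protection is lost. Suggest stating the consequence directly: with verification disabled the peer is not authenticated, so the tool will accept a connection from any host presenting any certificate, and an active man-in-the-middle goes undetected. It would also help to say when the option is meant to be used (the commit message's case of peers whose certificates are not signed by any CA) and that a CA certificate should be given wherever one is available. Separately, `none` becomes a reserved value for an option that otherwise names a certificate; the text should mention that, and how to refer to a file that is actually called none (for example as ./none), if that is supported.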