Diffstat (limited to 'ovsdb/ovsdb-server.c')
-rw-r--r-- | ovsdb/ovsdb-server.c | 23 |
1 files changed, 19 insertions, 4 deletions
diff --git a/ovsdb/ovsdb-server.c b/ovsdb/ovsdb-server.c
index bc71fd11a..1b0060bff 100644
--- a/ovsdb/ovsdb-server.c
+++ b/ovsdb/ovsdb-server.c
@@ -74,6 +74,8 @@ struct db {
 static char *private_key_file;
 static char *certificate_file;
 static char *ca_cert_file;
+static char *ssl_protocols;
+static char *ssl_ciphers;
 static bool bootstrap_ca_cert;
 static unixctl_cb_func ovsdb_server_exit;
@@ -1110,13 +1112,19 @@ reconfigure_ssl(const struct shash *all_dbs)
 const char *resolved_private_key;
 const char *resolved_certificate;
 const char *resolved_ca_cert;
+ const char *resolved_ssl_protocols;
+ const char *resolved_ssl_ciphers;
 resolved_private_key = query_db_string(all_dbs, private_key_file, &errors);
 resolved_certificate = query_db_string(all_dbs, certificate_file, &errors);
 resolved_ca_cert = query_db_string(all_dbs, ca_cert_file, &errors);
+ resolved_ssl_protocols = query_db_string(all_dbs, ssl_protocols, &errors);
+ resolved_ssl_ciphers = query_db_string(all_dbs, ssl_ciphers, &errors);
 stream_ssl_set_key_and_cert(resolved_private_key, resolved_certificate);
 stream_ssl_set_ca_cert_file(resolved_ca_cert, bootstrap_ca_cert);
+ stream_ssl_set_protocols(resolved_ssl_protocols);
+ stream_ssl_set_ciphers(resolved_ssl_ciphers);
 return errors.string;
 }
@@ -1517,7 +1525,8 @@ parse_options(int *argcp, char **argvp[],
 OPT_SYNC_EXCLUDE,
 OPT_ACTIVE,
 VLOG_OPTION_ENUMS,
- DAEMON_OPTION_ENUMS
+ DAEMON_OPTION_ENUMS,
+ SSL_OPTION_ENUMS,
 };
 static const struct option long_options[] = {
 {"remote", required_argument, NULL, OPT_REMOTE},
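Review bot: The two new calls at the end of reconfigure_ssl(), `stream_ssl_set_protocols(resolved_ssl_protocols);` and `stream_ssl_set_ciphers(resolved_ssl_ciphers);`, receive whatever query_db_string() returned, and nothing visible here says what a NULL result means to them. If NULL is treated as "leave the current setting" (their bodies are not on this page), a protocol or cipher restriction whose database lookup fails is silently not applied and the listener keeps its previous or default TLS settings; the only trace is the returned `errors.string`. I would state that contract in a comment above the calls, e.g. `/* NULL keeps the current protocol/cipher setting; lookup failures are reported through 'errors'. */`, and confirm the caller logs the returned string as a warning so an operator notices that the intended hardening is not in force. The start of reconfigure_ssl(), including the declaration of `errors`, is outside the hunk.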
@@ -1531,9 +1540,7 @@ parse_options(int *argcp, char **argvp[],
 VLOG_LONG_OPTIONS,
 {"bootstrap-ca-cert", required_argument, NULL, OPT_BOOTSTRAP_CA_CERT},
 {"peer-ca-cert", required_argument, NULL, OPT_PEER_CA_CERT},
- {"private-key", required_argument, NULL, 'p'},
- {"certificate", required_argument, NULL, 'c'},
- {"ca-cert", required_argument, NULL, 'C'},
+ STREAM_SSL_LONG_OPTIONS,
 {"sync-from", required_argument, NULL, OPT_SYNC_FROM},
 {"sync-exclude-tables", required_argument, NULL, OPT_SYNC_EXCLUDE},
 {"active", no_argument, NULL, OPT_ACTIVE},
@@ -1590,6 +1597,14 @@ parse_options(int *argcp, char **argvp[],
 bootstrap_ca_cert = false;
 break;
+ case OPT_SSL_PROTOCOLS:
+ ssl_protocols = optarg;
+ break;
+
+ case OPT_SSL_CIPHERS:
+ ssl_ciphers = optarg;
+ break;
+
 case OPT_BOOTSTRAP_CA_CERT:
 ca_cert_file = optarg;
 bootstrap_ca_cert = true; |
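Review bot: Replacing the three explicit entries with `STREAM_SSL_LONG_OPTIONS` moves the `'p'`, `'c'` and `'C'` mappings out of this table, so the handlers for those values elsewhere in parse_options() now depend on the macro keeping them. The macro definition is not on this page, so a one-line comment above its use would keep the dependency visible, e.g. `/* Expected to supply --private-key ('p'), --certificate ('c'), --ca-cert ('C'), OPT_SSL_PROTOCOLS and OPT_SSL_CIPHERS. */`. It is also worth confirming that the macro does not repeat `bootstrap-ca-cert` or `peer-ca-cert`, which remain listed explicitly just above it. parse_options() starts and ends outside this hunk.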