[ovs-dev] ovn fix segfault due to ssl-ciphers

Message ID	20240110014250.31325-1-amginwal@gmail.com
State	Not Applicable
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> From: amginwal@gmail.com To: dev@openvswitch.org Date: Tue, 9 Jan 2024 17:42:50 -0800 Message-Id: <20240110014250.31325-1-amginwal@gmail.com> MIME-Version: 1.0 Cc: Aliasgar Ginwala <aginwala@ebay.com> Subject: [ovs-dev] [PATCH] ovn fix segfault due to ssl-ciphers Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ovs-dev-bounces@openvswitch.org Sender: "dev" <ovs-dev-bounces@openvswitch.org>
Series	[ovs-dev] ovn fix segfault due to ssl-ciphers \| expand [ovs-dev] ovn fix segfault due to ssl-ciphers

Message ID

20240110014250.31325-1-amginwal@gmail.com

State

Not Applicable

Headers

From: amginwal@gmail.com
To: dev@openvswitch.org
Date: Tue,  9 Jan 2024 17:42:50 -0800
Message-Id: <20240110014250.31325-1-amginwal@gmail.com>
MIME-Version: 1.0
Cc: Aliasgar Ginwala <aginwala@ebay.com>
Subject: [ovs-dev] [PATCH] ovn fix segfault due to ssl-ciphers
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ovs-dev-bounces@openvswitch.org
Sender: "dev" <ovs-dev-bounces@openvswitch.org>

Series

[ovs-dev] ovn fix segfault due to ssl-ciphers | expand

Commit Message

aginwala aginwala Jan. 10, 2024, 1:42 a.m. UTC

From: Aliasgar Ginwala <aginwala@ebay.com>

Fixes:
ovn-controller --ssl-ciphers='xxx'
Aborted (core dumped)

Avoid invalidating existing certs when bumping to new ovn version
SSL_connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed while connecting to control plane.

Signed-off-by: Aliasgar Ginwala <aginwala@ebay.com>
---
 controller/ovn-controller.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c
index 856e5e270..4b16818a6 100644
--- a/controller/ovn-controller.c
+++ b/controller/ovn-controller.c
@@ -6166,6 +6166,13 @@  parse_options(int argc, char *argv[])
             ssl_ca_cert_file = optarg;
             break;
 
+        case OPT_SSL_PROTOCOLS:
+            stream_ssl_set_protocols(optarg);
+            break;
+
+        case OPT_SSL_CIPHERS:
+            stream_ssl_set_ciphers(optarg);
+            break;
 
         case OPT_PEER_CA_CERT:
             stream_ssl_set_peer_ca_cert_file(optarg);

[ovs-dev] ovn fix segfault due to ssl-ciphers

Commit Message

Patch