Commit af7c9802cb (ovn: Add SNI support to ovn-nbctl and ovn-sbctl.) intended to add SNI support for ovn-nbctl and ovn-sbctl explicitly. There was implicit support to some utilities using STREAM_SSL_OPTION_HANDLERS (ovn-controller-vtep, ovn-ic-nbctl, ovn-ic-sbctl, ovn-trace).
But it missed adding explicit support to utilities ovn-ic, ovn-northd and ovn-controller causing those utilities to crash if --ssl-server-name was passed as an argument. This commit fixes it and also adds a NEWS item for the feature.

CC: Ilya Maximets <[email protected]>
Signed-off-by: Gurucharan Shetty <[email protected]>
--- NEWS | 6 ++++++ controller/ovn-controller.c | 4 ++++ ic/ovn-ic.c | 4 ++++ northd/ovn-northd.c | 4 ++++ 4 files changed, 18 insertions(+) diff --git a/NEWS b/NEWS index 06cc18b41..aa41993e9 100644 --- a/NEWS +++ b/NEWS @@ -1,5 +1,11 @@ Post v25.09.0 ------------- + - Added support for TLS Server Name Indication (SNI) with the new + --ssl-server-name option in OVN utilities and daemons. This allows + specifying the server name for SNI, which is useful when connecting + through proxies or service meshes where the connection endpoint differs + from the intended server name. Without this option, the hostname from + the connection string is used for SNI, as before. - Added disable_garp_rarp option to logical_router table in order to disable GARP/RARP announcements by all the peer ports of this logical router. - Support for specifying output_port for logical router reroute policies. diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c index c2dab41c1..a977edcf2 100644 --- a/controller/ovn-controller.c +++ b/controller/ovn-controller.c @@ -8081,6 +8081,10 @@ parse_options(int argc, char *argv[]) stream_ssl_set_ciphersuites(optarg); break; + case OPT_SSL_SERVER_NAME: + stream_ssl_set_server_name(optarg); + break; + case OPT_PEER_CA_CERT: stream_ssl_set_peer_ca_cert_file(optarg); break; diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c index ac8b9596c..2a7dfe405 100644 --- a/ic/ovn-ic.c +++ b/ic/ovn-ic.c @@ -3169,6 +3169,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED) stream_ssl_set_ciphersuites(optarg); break; + case OPT_SSL_SERVER_NAME: + stream_ssl_set_server_name(optarg); + break; + case 'd': ovnsb_db = optarg; break;
diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c index c9d88dd22..f0b829f60 100644 --- a/northd/ovn-northd.c +++ b/northd/ovn-northd.c @@ -665,6 +665,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] OVS_UNUSED, stream_ssl_set_ciphersuites(optarg); break; + case OPT_SSL_SERVER_NAME: + stream_ssl_set_server_name(optarg); + break; + case 'd': ovnsb_db = optarg; break; -- 2.34.1
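
Review bot: In the NEWS hunk, the new entry explains what --ssl-server-name sets for SNI but does not say whether the supplied name also takes part in checking the peer certificate or only changes the SNI extension. Operators who put a proxy or service mesh in the path, which is the case the entry names, need that distinction to reason about what the option changes in their trust decisions; one added sentence in the entry would settle it.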
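
Review bot: The diffstat lists only NEWS and three .c files, so the OPT_SSL_SERVER_NAME case added to parse_options() in controller/ovn-controller.c lands without a test, although the commit message describes a crash triggered by a command-line option. A test that starts ovn-controller, ovn-northd and ovn-ic with --ssl-server-name and checks that each gets past option parsing would keep the next stream-ssl option from regressing the same way.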
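
Review bot: The three-line case added to parse_options() in ic/ovn-ic.c is a hand-written copy of what the commit message says other utilities get from STREAM_SSL_OPTION_HANDLERS, and the same copy is repeated in the other two daemons. If these daemons cannot use the macro, a short comment beside the hand-written SSL cases saying so, and that every new stream-ssl option needs a case here, would help; otherwise switching to the macro removes this class of bug. Since the commit message names af7c9802cb as the origin, a Fixes: tag for it would also help backports.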
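
Review bot: In northd/ovn-northd.c, as in the other two daemons, the change is exactly the four lines of the new case, so nothing in this patch touches usage() output or the man pages. If the help text for ovn-northd, ovn-ic and ovn-controller is maintained per daemon, --ssl-server-name should be listed there; if it comes from shared stream-ssl usage text, saying so in the commit message would close the question.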
