Thanks for the patch!

Acked-by: Mark Michelson <[email protected]>
On Wed, Nov 19, 2025 at 1:56 PM Gurucharan Shetty <[email protected]> wrote: > > Commit af7c9802cb (ovn: Add SNI support to ovn-nbctl and ovn-sbctl.) > intended to add SNI support for ovn-nbctl and ovn-sbctl explicitly. > There was implicit support to some utilities using > STREAM_SSL_OPTION_HANDLERS (ovn-controller-vtep, ovn-ic-nbctl, > ovn-ic-sbctl, ovn-trace). > > But it missed adding explicit support to utilities ovn-ic, ovn-northd > and ovn-controller causing those utilities > to crash if --ssl-server-name was passed as an argument. > > This commit fixes it and also adds a NEWS item for the feature. > > CC: Ilya Maximets <[email protected]> > Signed-off-by: Gurucharan Shetty <[email protected]> > --- > NEWS | 6 ++++++ > controller/ovn-controller.c | 4 ++++ > ic/ovn-ic.c | 4 ++++ > northd/ovn-northd.c | 4 ++++ > 4 files changed, 18 insertions(+) > > diff --git a/NEWS b/NEWS > index 754934b6b..a4c8557ee 100644 > --- a/NEWS > +++ b/NEWS > @@ -1,5 +1,11 @@ > Post v25.09.0 > ------------- > + - Added support for TLS Server Name Indication (SNI) with the new > + --ssl-server-name option in OVN utilities and daemons. This allows > + specifying the server name for SNI, which is useful when connecting > + through proxies or service meshes where the connection endpoint differs > + from the intended server name. Without this option, the hostname from > + the connection string is used for SNI, as before. > - Added disable_garp_rarp option to logical_router table in order to > disable > GARP/RARP announcements by all the peer ports of this logical router. > - Support for specifying output_port for logical router reroute policies. > diff --git a/controller/ovn-controller.c b/controller/ovn-controller.c > index 14b9b9e28..93cd5cec5 100644 > --- a/controller/ovn-controller.c > +++ b/controller/ovn-controller.c 
> @@ -8096,6 +8096,10 @@ parse_options(int argc, char *argv[]) > stream_ssl_set_ciphersuites(optarg); > break; > > + case OPT_SSL_SERVER_NAME: > + stream_ssl_set_server_name(optarg); > + break; > + > case OPT_PEER_CA_CERT: > stream_ssl_set_peer_ca_cert_file(optarg); > break; > diff --git a/ic/ovn-ic.c b/ic/ovn-ic.c > index ac8b9596c..2a7dfe405 100644 > --- a/ic/ovn-ic.c > +++ b/ic/ovn-ic.c > @@ -3169,6 +3169,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] > OVS_UNUSED) > stream_ssl_set_ciphersuites(optarg); > break; > > + case OPT_SSL_SERVER_NAME: > + stream_ssl_set_server_name(optarg); > + break; > + > case 'd': > ovnsb_db = optarg; > break; > diff --git a/northd/ovn-northd.c b/northd/ovn-northd.c > index b196b2d60..52a3c7883 100644 > --- a/northd/ovn-northd.c > +++ b/northd/ovn-northd.c > @@ -678,6 +678,10 @@ parse_options(int argc OVS_UNUSED, char *argv[] > OVS_UNUSED, > stream_ssl_set_ciphersuites(optarg); > break; > > + case OPT_SSL_SERVER_NAME: > + stream_ssl_set_server_name(optarg); > + break; > + > case 'd': > ovnsb_db = optarg; > break; > -- > 2.34.1 > > _______________________________________________ > dev mailing list > [email protected] > https://mail.openvswitch.org/mailman/listinfo/ovs-dev
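
Review bot: Missing documentation check for the NEWS hunk: the new entry advertises --ssl-server-name "in OVN utilities and daemons", yet the diffstat shows only NEWS plus four inserted lines in each of the three .c files, so no man page or usage text changes here. If the man pages and --help output for ovn-controller, ovn-ic and ovn-northd do not already list the option, that update belongs with this entry. It would also help operators if the entry named the three daemons this patch fixes.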
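
Review bot: No regression test accompanies the new case OPT_SSL_SERVER_NAME in parse_options() of controller/ovn-controller.c. The commit message says these daemons crashed when --ssl-server-name was passed, and the diffstat lists no test file. A test that starts ovn-controller, ovn-ic and ovn-northd with --ssl-server-name set would catch the same omission the next time an SSL option is added to some parsers but not others.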
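
Review bot: The case OPT_SSL_SERVER_NAME block in ic/ovn-ic.c (and the identical one in northd/ovn-northd.c) is a third and fourth hand-written copy of a handler that, per the commit message, other utilities get implicitly through STREAM_SSL_OPTION_HANDLERS. The context lines show these parsers also open-code stream_ssl_set_ciphersuites(), which is how this option was missed. Can these daemons use the shared macro instead? If they cannot, a short comment next to the SSL cases saying why, and that new stream-ssl options must be added here by hand, would keep the parsers from drifting again.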
