Hi Ben,

Thanks for the response. I'd be happy to work on a patch and submit it back.

I'll document a few options, and run it by this mailing list. The implementation can be done a couple of different ways, based on the separated layers (reconnect / jsonrpc / stream / etc.) and each with their own pros/cons. I'd love to get input before choosing which way to go.

Thanks,
Paul

On Thu, Jan 5, 2017 at 9:01 PM, Ben Pfaff <[email protected]> wrote:

> On Thu, Jan 05, 2017 at 05:50:45PM -0800, Paul White wrote:
> > I am configuring ovsdb-server to connect to a remote manager using SSL. I
> > have the certificates configured, and the connection works as long as I do
> > not configure a ca-cert. Configuring a ca-cert causes server-side
> > certificate verification to fail in OpenSSL.
> >
> > I believe this is because I am only allowed to insert an IP address for
> > remote manager target and the remote server is using a certificate
> > generated with its DNS name, not IP address.
> >
> > Is there a way (or any plans to support) providing a hostname target inside
> > the manager table? This would allow the OpenSSL library to properly verify
> > server-side certificate. Using per-IP certificates is not an option for us
> > due to load balancing and scale.
>
> We'd accept a working patch.
_______________________________________________
discuss mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
