ovs-vsctl: Add SSL support.

Normally ovs-vsctl is run locally, with a Unix domain socket as target, but
it can be useful over SSL as well from a remote host, so this commit
enables that use.

diff --git a/utilities/ovs-vsctl.c b/utilities/ovs-vsctl.c
index d39d610..fe78387 100644 (file)
--- a/utilities/ovs-vsctl.c
+++ b/utilities/ovs-vsctl.c
@@ -36,6 +36,7 @@
 #include "ovsdb-idl.h"
 #include "poll-loop.h"
 #include "process.h"
+#include "stream-ssl.h"
 #include "svec.h"
 #include "vswitchd/vswitch-idl.h"
 #include "timeval.h"
@@ -174,6 +175,7 @@ parse_options(int argc, char *argv[])
         OPT_NO_SYSLOG,
         OPT_NO_WAIT,
         OPT_DRY_RUN,
+        OPT_PEER_CA_CERT,
         VLOG_OPTION_ENUMS
     };
     static struct option long_options[] = {
@@ -186,6 +188,10 @@ parse_options(int argc, char *argv[])
         {"help", no_argument, 0, 'h'},
         {"version", no_argument, 0, 'V'},
         VLOG_LONG_OPTIONS,
+#ifdef HAVE_OPENSSL
+        STREAM_SSL_LONG_OPTIONS
+        {"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
+#endif
         {0, 0, 0, 0},
     };
 
@@ -236,6 +242,14 @@ parse_options(int argc, char *argv[])
 
         VLOG_OPTION_HANDLERS
 
+#ifdef HAVE_OPENSSL
+        STREAM_SSL_OPTION_HANDLERS
+
+        case OPT_PEER_CA_CERT:
+            stream_ssl_set_peer_ca_cert_file(optarg);
+            break;
+#endif
+
         case '?':
             exit(EXIT_FAILURE);