openssl dhparam -C -in $(srcdir)/lib/dh4096.pem -noout) \
| sed 's/\(get_dh[0-9]*\)()/\1(void)/' > lib/dhparams.c.tmp
mv lib/dhparams.c.tmp lib/dhparams.c
+else
+lib_libopenvswitch_a_SOURCES += lib/stream-nossl.c
endif
EXTRA_DIST += \
--- /dev/null
+/*
+ * Copyright (c) 2011 Nicira Networks.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <config.h>
+#include "stream-ssl.h"
+#include "vlog.h"
+
+VLOG_DEFINE_THIS_MODULE(stream_nossl);
+\f
+/* Dummy function definitions, used when OVS is built without OpenSSL. */
+
+bool
+stream_ssl_is_configured(void)
+{
+ return false;
+}
+
+static void NO_RETURN
+nossl_option(const char *detail)
+{
+ VLOG_FATAL("%s specified but Open vSwitch was built without SSL support",
+ detail);
+}
+
+void
+stream_ssl_set_private_key_file(const char *file_name)
+{
+ if (file_name != NULL) {
+ nossl_option("Private key");
+ }
+}
+
+void
+stream_ssl_set_certificate_file(const char *file_name)
+{
+ if (file_name != NULL) {
+ nossl_option("Certificate");
+ }
+}
+
+void
+stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap OVS_UNUSED)
+{
+ if (file_name != NULL) {
+ nossl_option("CA certificate");
+ }
+}
+
+void
+stream_ssl_set_peer_ca_cert_file(const char *file_name)
+{
+ if (file_name != NULL) {
+ nossl_option("Peer CA certificate");
+ }
+}
+
+void
+stream_ssl_set_key_and_cert(const char *private_key_file,
+ const char *certificate_file)
+{
+ stream_ssl_set_private_key_file(private_key_file);
+ stream_ssl_set_certificate_file(certificate_file);
+}
/*
- * Copyright (c) 2008, 2009, 2010 Nicira Networks.
+ * Copyright (c) 2008, 2009, 2010, 2011 Nicira Networks.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
#include <stdbool.h>
-#ifdef HAVE_OPENSSL
bool stream_ssl_is_configured(void);
-
void stream_ssl_set_private_key_file(const char *file_name);
void stream_ssl_set_certificate_file(const char *file_name);
void stream_ssl_set_ca_cert_file(const char *file_name, bool bootstrap);
-
+void stream_ssl_set_peer_ca_cert_file(const char *file_name);
void stream_ssl_set_key_and_cert(const char *private_key_file,
const char *certificate_file);
-
-void stream_ssl_set_peer_ca_cert_file(const char *file_name);
-
-/* Define the long options for SSL support.
- *
- * Note that the definition includes a final comma, and therefore a comma
- * must not be supplied when using the definition. This is done so that
- * compilation succeeds whether or not HAVE_OPENSSL is defined. */
-#define STREAM_SSL_LONG_OPTIONS \
+#define STREAM_SSL_LONG_OPTIONS \
{"private-key", required_argument, 0, 'p'}, \
{"certificate", required_argument, 0, 'c'}, \
- {"ca-cert", required_argument, 0, 'C'},
+ {"ca-cert", required_argument, 0, 'C'}
#define STREAM_SSL_OPTION_HANDLERS \
case 'p': \
case 'C': \
stream_ssl_set_ca_cert_file(optarg, false); \
break;
-#else /* !HAVE_OPENSSL */
-static inline bool stream_ssl_is_configured(void)
-{
- return false;
-}
-#define STREAM_SSL_LONG_OPTIONS
-#define STREAM_SSL_OPTION_HANDLERS
-#endif /* !HAVE_OPENSSL */
#endif /* stream-ssl.h */
DAEMON_LONG_OPTIONS,
#ifdef HAVE_OPENSSL
{"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
- TABLE_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS
+ STREAM_SSL_LONG_OPTIONS,
#endif
+ TABLE_LONG_OPTIONS,
{0, 0, 0, 0},
};
char *short_options = long_options_to_short_options(long_options);
TABLE_OPTION_HANDLERS(&table_style)
-#ifdef HAVE_OPENSSL
STREAM_SSL_OPTION_HANDLERS
case OPT_BOOTSTRAP_CA_CERT:
stream_ssl_set_ca_cert_file(optarg, true);
break;
-#endif
case '?':
exit(EXIT_FAILURE);
VLOG_DEFINE_THIS_MODULE(ovsdb_server);
-#if HAVE_OPENSSL
/* SSL configuration. */
static char *private_key_file;
static char *certificate_file;
static char *ca_cert_file;
static bool bootstrap_ca_cert;
-#endif
static unixctl_cb_func ovsdb_server_exit;
static unixctl_cb_func ovsdb_server_compact;
ovsdb_jsonrpc_server_set_remotes(jsonrpc, &resolved_remotes);
shash_destroy_free_data(&resolved_remotes);
-#if HAVE_OPENSSL
/* Configure SSL. */
stream_ssl_set_key_and_cert(query_db_string(db, private_key_file),
query_db_string(db, certificate_file));
stream_ssl_set_ca_cert_file(query_db_string(db, ca_cert_file),
bootstrap_ca_cert);
-#endif
}
static void
DAEMON_LONG_OPTIONS,
VLOG_LONG_OPTIONS,
LEAK_CHECKER_LONG_OPTIONS,
-#ifdef HAVE_OPENSSL
{"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
{"private-key", required_argument, 0, 'p'},
{"certificate", required_argument, 0, 'c'},
{"ca-cert", required_argument, 0, 'C'},
-#endif
{0, 0, 0, 0},
};
char *short_options = long_options_to_short_options(long_options);
DAEMON_OPTION_HANDLERS
LEAK_CHECKER_OPTION_HANDLERS
-#ifdef HAVE_OPENSSL
case 'p':
private_key_file = optarg;
break;
ca_cert_file = optarg;
bootstrap_ca_cert = true;
break;
-#endif
case '?':
exit(EXIT_FAILURE);
{"verbose", optional_argument, 0, 'v'},
{"help", no_argument, 0, 'h'},
DAEMON_LONG_OPTIONS,
-#ifdef HAVE_OPENSSL
{"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
- STREAM_SSL_LONG_OPTIONS
-#endif
+ STREAM_SSL_LONG_OPTIONS,
{0, 0, 0, 0},
};
char *short_options = long_options_to_short_options(long_options);
DAEMON_OPTION_HANDLERS
-#ifdef HAVE_OPENSSL
STREAM_SSL_OPTION_HANDLERS
case OPT_BOOTSTRAP_CA_CERT:
stream_ssl_set_ca_cert_file(optarg, true);
break;
-#endif
case '?':
exit(EXIT_FAILURE);
{"version", no_argument, 0, 'V'},
DAEMON_LONG_OPTIONS,
VLOG_LONG_OPTIONS,
-#ifdef HAVE_OPENSSL
- STREAM_SSL_LONG_OPTIONS
+ STREAM_SSL_LONG_OPTIONS,
{"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
-#endif
{0, 0, 0, 0},
};
char *short_options = long_options_to_short_options(long_options);
VLOG_OPTION_HANDLERS
DAEMON_OPTION_HANDLERS
-#ifdef HAVE_OPENSSL
STREAM_SSL_OPTION_HANDLERS
case OPT_PEER_CA_CERT:
stream_ssl_set_peer_ca_cert_file(optarg);
break;
-#endif
case '?':
exit(EXIT_FAILURE);
{"help", no_argument, 0, 'h'},
{"version", no_argument, 0, 'V'},
VLOG_LONG_OPTIONS,
- STREAM_SSL_LONG_OPTIONS
+ STREAM_SSL_LONG_OPTIONS,
{0, 0, 0, 0},
};
char *short_options = long_options_to_short_options(long_options);
DAEMON_LONG_OPTIONS,
VLOG_LONG_OPTIONS,
LEAK_CHECKER_LONG_OPTIONS,
-#ifdef HAVE_OPENSSL
- STREAM_SSL_LONG_OPTIONS
+ STREAM_SSL_LONG_OPTIONS,
{"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
-#endif
{0, 0, 0, 0},
};
char *short_options = long_options_to_short_options(long_options);
LEAK_CHECKER_OPTION_HANDLERS
-#ifdef HAVE_OPENSSL
STREAM_SSL_OPTION_HANDLERS
case OPT_BOOTSTRAP_CA_CERT:
stream_ssl_set_ca_cert_file(optarg, true);
break;
-#endif
case '?':
exit(EXIT_FAILURE);
{"version", no_argument, 0, 'V'},
VLOG_LONG_OPTIONS,
TABLE_LONG_OPTIONS,
-#ifdef HAVE_OPENSSL
- STREAM_SSL_LONG_OPTIONS
+ STREAM_SSL_LONG_OPTIONS,
{"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
-#endif
{0, 0, 0, 0},
};
char *tmp, *short_options;
VLOG_OPTION_HANDLERS
TABLE_OPTION_HANDLERS(&table_style)
-#ifdef HAVE_OPENSSL
STREAM_SSL_OPTION_HANDLERS
case OPT_PEER_CA_CERT:
stream_ssl_set_peer_ca_cert_file(optarg);
break;
-#endif
case '?':
exit(EXIT_FAILURE);
/* (Re)configure if necessary. */
database_changed = ovsdb_idl_run(idl);
cfg = ovsrec_open_vswitch_first(idl);
-#ifdef HAVE_OPENSSL
+
/* Re-configure SSL. We do this on every trip through the main loop,
* instead of just when the database changes, because the contents of the
* key and certificate files can change without the database changing.
stream_ssl_set_key_and_cert(ssl->private_key, ssl->certificate);
stream_ssl_set_ca_cert_file(ssl->ca_cert, ssl->bootstrap_ca_cert);
}
-#endif
+
if (database_changed || datapath_destroyed) {
if (cfg) {
struct ovsdb_idl_txn *txn = ovsdb_idl_txn_create(idl);
DAEMON_LONG_OPTIONS,
VLOG_LONG_OPTIONS,
LEAK_CHECKER_LONG_OPTIONS,
-#ifdef HAVE_OPENSSL
- STREAM_SSL_LONG_OPTIONS
+ STREAM_SSL_LONG_OPTIONS,
{"peer-ca-cert", required_argument, 0, OPT_PEER_CA_CERT},
{"bootstrap-ca-cert", required_argument, 0, OPT_BOOTSTRAP_CA_CERT},
-#endif
{"enable-dummy", no_argument, 0, OPT_ENABLE_DUMMY},
{0, 0, 0, 0},
};
VLOG_OPTION_HANDLERS
DAEMON_OPTION_HANDLERS
LEAK_CHECKER_OPTION_HANDLERS
-
-#ifdef HAVE_OPENSSL
STREAM_SSL_OPTION_HANDLERS
case OPT_PEER_CA_CERT:
case OPT_BOOTSTRAP_CA_CERT:
stream_ssl_set_ca_cert_file(optarg, true);
break;
-#endif
case OPT_ENABLE_DUMMY:
dummy_enable();
git://git.onelab.eu / sliver-openvswitch.git / commitdiff