openvswitch/lib/ssl.man

.de IQ
.  br
.  ns
.  IP "\\$1"
..
.IP "\fB\-p\fR \fIprivkey.pem\fR"
.IQ "\fB\-\-private\-key=\fIprivkey.pem\fR"
Specifies a PEM file containing the private key used as \fB\*(PN\fR's
identity for outgoing SSL connections.
.
.IP "\fB\-c\fR \fIcert.pem\fR"
.IQ "\fB\-\-certificate=\fIcert.pem\fR"
Specifies a PEM file containing a certificate that certifies the
private key specified on \fB\-p\fR or \fB\-\-private\-key\fR to be
trustworthy.  The certificate must be signed by the certificate
authority (CA) that the peer in SSL connections will use to verify it.
.
.IP "\fB\-C\fR \fIcacert.pem\fR"
.IQ "\fB\-\-ca\-cert=\fIcacert.pem\fR"
Specifies a PEM file containing the CA certificate that \fB\*(PN\fR
should use to verify certificates presented to it by SSL peers.  (This
may be the same certificate that SSL peers use to verify the
certificate specified on \fB\-c\fR or \fB\-\-certificate\fR, or it may
be a different one, depending on the PKI design in use.)
.
.IP "\fB\-C none\fR"
.IQ "\fB\-\-ca\-cert=none\fR"
Disables verification of certificates presented by SSL peers.  This
introduces a security risk, because it means that certificates cannot
be verified to be those of known trusted hosts.
Define IQ macro for SSL man page fragment The ssl.man page uses the IQ macro, but doesn't define it. Usually this doesn't matter since its already been defined by man page that's including it. However, in a couple of cases it doesn't, so this cleans that up. Caught by Lintian. 2010-03-31 17:12:37 -07:00			`.de IQ`
			`. br`
			`. ns`
			`. IP "\\$1"`
			`..`
Factor vconn and SSL documentation into manpage include files. 2009-12-21 13:10:55 -08:00			`.IP "\fB\-p\fR \fIprivkey.pem\fR"`
			`.IQ "\fB\-\-private\-key=\fIprivkey.pem\fR"`
			`Specifies a PEM file containing the private key used as \fB\*(PN\fR's`
			`identity for outgoing SSL connections.`
Fix excessive white space in manpages. In nroff manpages, a blank line adds vertical white space. When this is followed by another command that also starts a new paragraph, the result is a vertical skip twice as big as the normal inter-paragraph gap. The solution is to use a line that contains just "." for white space within the manpage, instead of a blank line. The resulting manpages look better. 2010-02-24 13:42:43 -08:00			`.`
Factor vconn and SSL documentation into manpage include files. 2009-12-21 13:10:55 -08:00			`.IP "\fB\-c\fR \fIcert.pem\fR"`
			`.IQ "\fB\-\-certificate=\fIcert.pem\fR"`
			`Specifies a PEM file containing a certificate that certifies the`
			`private key specified on \fB\-p\fR or \fB\-\-private\-key\fR to be`
			`trustworthy. The certificate must be signed by the certificate`
			`authority (CA) that the peer in SSL connections will use to verify it.`
Fix excessive white space in manpages. In nroff manpages, a blank line adds vertical white space. When this is followed by another command that also starts a new paragraph, the result is a vertical skip twice as big as the normal inter-paragraph gap. The solution is to use a line that contains just "." for white space within the manpage, instead of a blank line. The resulting manpages look better. 2010-02-24 13:42:43 -08:00			`.`
docs: Make SSL manpage fragments less specific to OpenFlow. These manpage fragments are used in OVSDB manpages as well, so their text should try to avoid referring to OpenFlow-specific concepts. 2010-03-18 17:12:27 -07:00			`.IP "\fB\-C\fR \fIcacert.pem\fR"`
			`.IQ "\fB\-\-ca\-cert=\fIcacert.pem\fR"`
Factor vconn and SSL documentation into manpage include files. 2009-12-21 13:10:55 -08:00			`Specifies a PEM file containing the CA certificate that \fB\*(PN\fR`
			`should use to verify certificates presented to it by SSL peers. (This`
			`may be the same certificate that SSL peers use to verify the`
			`certificate specified on \fB\-c\fR or \fB\-\-certificate\fR, or it may`
docs: Make SSL manpage fragments less specific to OpenFlow. These manpage fragments are used in OVSDB manpages as well, so their text should try to avoid referring to OpenFlow-specific concepts. 2010-03-18 17:12:27 -07:00			`be a different one, depending on the PKI design in use.)`
stream-ssl: Make it possible to avoid checking peer SSL certificate. In Citrix XenServer, the hosts have SSL private keys and certificates, but those certificates are not signed by any certificate authority. So we must provide a way to avoid checking certificates against a CA if we want other OVS tools to be able to talk to XenServer hosts over SSL. This commit makes that possible. 2010-03-23 17:19:36 -07:00			`.`
			`.IP "\fB\-C none\fR"`
			`.IQ "\fB\-\-ca\-cert=none\fR"`
			`Disables verification of certificates presented by SSL peers. This`
			`introduces a security risk, because it means that certificates cannot`
			`be verified to be those of known trusted hosts.`