mirror of
https://github.com/openvswitch/ovs
synced 2025-10-11 13:57:52 +00:00
In Citrix XenServer, the hosts have SSL private keys and certificates, but those certificates are not signed by any certificate authority. So we must provide a way to avoid checking certificates against a CA if we want other OVS tools to be able to talk to XenServer hosts over SSL. This commit makes that possible.
31 lines
1.2 KiB
Groff
.de IQ
. br
. ns
. IP "\\$1"
..
.IP "\fB\-p\fR \fIprivkey.pem\fR"
.IQ "\fB\-\-private\-key=\fIprivkey.pem\fR"
Specifies a PEM file containing the private key used as \fB\*(PN\fR's
identity for outgoing SSL connections.
.
.IP "\fB\-c\fR \fIcert.pem\fR"
.IQ "\fB\-\-certificate=\fIcert.pem\fR"
Specifies a PEM file containing a certificate that certifies the
private key specified on \fB\-p\fR or \fB\-\-private\-key\fR to be
trustworthy. The certificate must be signed by the certificate
authority (CA) that the peer in SSL connections will use to verify it.
.
.IP "\fB\-C\fR \fIcacert.pem\fR"
.IQ "\fB\-\-ca\-cert=\fIcacert.pem\fR"
Specifies a PEM file containing the CA certificate that \fB\*(PN\fR
should use to verify certificates presented to it by SSL peers. (This
may be the same certificate that SSL peers use to verify the
certificate specified on \fB\-c\fR or \fB\-\-certificate\fR, or it may
be a different one, depending on the PKI design in use.)
.
.IP "\fB\-C none\fR"
.IQ "\fB\-\-ca\-cert=none\fR"
Disables verification of certificates presented by SSL peers. This
introduces a security risk, because it means that certificates cannot
be verified to be those of known trusted hosts.
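Because `-C none` / `--ca-cert=none` turns off peer verification, it is worth auditing scripts and wrappers for it. The following is an added example, not part of this file or of the Open vSwitch code base: it scans command lines for the options documented above and reports which ones disable verification. The `ovs-vsctl` invocations, addresses and file names are constructed sample input, and accepting the attached (`-Cnone`) and separate-word (`--ca-cert none`) spellings is an assumption based on usual getopt behaviour.

```python
import shlex

# Options documented in the man page text above; all take an argument.
SHORT_WITH_ARG = {"-p", "-c", "-C"}
LONG_WITH_ARG = {"--private-key", "--certificate", "--ca-cert"}

# Constructed sample input (hypothetical hosts and file names).
SAMPLE_COMMANDS = [
    "ovs-vsctl --db=ssl:192.0.2.10:6640 -p key.pem -c cert.pem -C cacert.pem show",
    "ovs-vsctl --db=ssl:192.0.2.11:6640 -p key.pem -c cert.pem -C none show",
    "ovs-vsctl --db=ssl:192.0.2.12:6640 --private-key=key.pem --ca-cert=none show",
    "ovs-vsctl --db=ssl:192.0.2.13:6640 -p key.pem -c cert.pem show",
    "ovs-vsctl --db=unix:/var/run/openvswitch/db.sock show",
]

def ca_cert_values(argv):
    """Return every value passed to -C / --ca-cert, in order of appearance."""
    values, i = [], 0
    while i < len(argv):
        tok = argv[i]
        if tok == "--":                      # end of options
            break
        name, eq, attached = tok.partition("=")
        if name in LONG_WITH_ARG:
            opt, val = name, (attached if eq else None)
        elif tok[:2] in SHORT_WITH_ARG:
            opt, val = tok[:2], (tok[2:] or None)
        else:
            i += 1
            continue
        if val is None and i + 1 < len(argv):
            i += 1                           # argument is the next word
            val = argv[i]
        if opt in ("-C", "--ca-cert") and val is not None:
            values.append(val)
        i += 1
    return values

def classify(command_line):
    """'disabled' if any CA option is 'none', 'ca-file' if a file is given,
    'unspecified' if the command line carries no CA option at all."""
    values = ca_cert_values(shlex.split(command_line)[1:])
    if "none" in values:
        return "disabled"
    return "ca-file" if values else "unspecified"

def audit(command_lines):
    """Return (line number, command) for each line that disables verification."""
    return [(n, c) for n, c in enumerate(command_lines, 1) if classify(c) == "disabled"]

if __name__ == "__main__":
    for lineno, cmd in audit(SAMPLE_COMMANDS):
        print(f"line {lineno}: peer certificate verification disabled: {cmd}")
```

A key or certificate file that happens to be named `none` is not flagged, because the arguments of `-p` and `-c` are consumed before the CA option is examined.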