mirror of
https://github.com/openvswitch/ovs
synced 2025-08-22 09:58:01 +00:00
1d5aaa61fa
Too many users have incorrectly assumed that ovs-controller is a necessary or desirable part of an Open vSwitch deployment. This commit should fix the problem by renaming it test-controller and removing it from the default install and from packaging. Signed-off-by: Ben Pfaff <blp@nicira.com>
21 lines
926 B
Groff
21 lines
926 B
Groff
.IP "\fB\-\-bootstrap\-ca\-cert=\fIcacert.pem\fR"
|
|
When \fIcacert.pem\fR exists, this option has the same effect as
|
|
\fB\-C\fR or \fB\-\-ca\-cert\fR. If it does not exist, then
|
|
\fB\*(PN\fR will attempt to obtain the CA certificate from the
|
|
SSL peer on its first SSL connection and save it to the named PEM
|
|
file. If it is successful, it will immediately drop the connection
|
|
and reconnect, and from then on all SSL connections must be
|
|
authenticated by a certificate signed by the CA certificate thus
|
|
obtained.
|
|
.IP
|
|
\fBThis option exposes the SSL connection to a man-in-the-middle
|
|
attack obtaining the initial CA certificate\fR, but it may be useful
|
|
for bootstrapping.
|
|
.IP
|
|
This option is only useful if the SSL peer sends its CA certificate as
|
|
part of the SSL certificate chain. The SSL protocol does not require
|
|
the server to send the CA certificate.
|
|
.IP
|
|
This option is mutually exclusive with \fB\-C\fR and
|
|
\fB\-\-ca\-cert\fR.
|