Diffstat (limited to 'vswitchd')
-rw-r--r-- | vswitchd/bridge.c | 10 | ||||
-rw-r--r-- | vswitchd/mgmt.c | 12 |
2 files changed, 20 insertions, 2 deletions
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 0236f14c..0d9e49b3 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -27,6 +27,7 @@ #include <strings.h> #include <sys/stat.h> #include <sys/socket.h> +#include <sys/types.h> #include <unistd.h> #include "bitmap.h" #include "cfg.h" @@ -323,6 +324,7 @@ bridge_configure_ssl(void) static char *private_key_file; static char *certificate_file; static char *cacert_file; + struct stat s; if (config_string_change("ssl.private-key", &private_key_file)) { vconn_ssl_set_private_key_file(private_key_file); @@ -332,7 +334,13 @@ bridge_configure_ssl(void) vconn_ssl_set_certificate_file(certificate_file); } - if (config_string_change("ssl.ca-cert", &cacert_file)) { + /* We assume that even if the filename hasn't changed, if the CA cert + * file has been removed, that we want to move back into + * boot-strapping mode. This opens a small security hole, because + * the old certificate will still be trusted until vSwitch is + * restarted. We may want to address this in vconn's SSL library. */ + if (config_string_change("ssl.ca-cert", &cacert_file) + || (stat(cacert_file, &s) && errno == ENOENT)) { vconn_ssl_set_ca_cert_file(cacert_file, cfg_get_bool(0, "ssl.bootstrap-ca-cert")); } diff --git a/vswitchd/mgmt.c b/vswitchd/mgmt.c index ce9d9f33..45c35802 100644 --- a/vswitchd/mgmt.c +++ b/vswitchd/mgmt.c @@ -19,6 +19,9 @@ #include <assert.h> #include <errno.h> #include <stdlib.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <sys/types.h> #include "bridge.h" #include "cfg.h" @@ -101,6 +104,7 @@ mgmt_configure_ssl(void) static char *private_key_file; static char *certificate_file; static char *cacert_file; + struct stat s; /* XXX SSL should be configurable separate from the bridges. * XXX should be possible to de-configure SSL. */ 
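Review bot: In `bridge_configure_ssl` the added `stat(cacert_file, &s)` runs even when `config_string_change` reports no change, and nothing visible in the hunk guarantees that the function-local static `cacert_file` is non-NULL by then, so the call should be guarded. Beyond the stale-certificate issue the comment already admits, removing the CA certificate file now re-invokes `vconn_ssl_set_ca_cert_file` on every reconfigure; if `ssl.bootstrap-ca-cert` is set, that presumably lets whoever can delete the file reset which CA the switch trusts. I would limit the re-trigger to the bootstrap case, `|| (cacert_file && cfg_get_bool(0, "ssl.bootstrap-ca-cert") && stat(cacert_file, &s) && errno == ENOENT)`, and extend the comment to state that file removal is treated as a request to re-bootstrap trust. The same condition is added to `mgmt_configure_ssl` in vswitchd/mgmt.c and needs the same treatment. Both function bodies start and end outside the hunks.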
@@ -112,7 +116,13 @@ mgmt_configure_ssl(void) vconn_ssl_set_certificate_file(certificate_file); } - if (config_string_change("ssl.ca-cert", &cacert_file)) { + /* We assume that even if the filename hasn't changed, if the CA cert + * file has been removed, that we want to move back into + * boot-strapping mode. This opens a small security hole, because + * the old certificate will still be trusted until vSwitch is + * restarted. We may want to address this in vconn's SSL library. */ + if (config_string_change("ssl.ca-cert", &cacert_file) + || (stat(cacert_file, &s) && errno == ENOENT)) { vconn_ssl_set_ca_cert_file(cacert_file, cfg_get_bool(0, "ssl.bootstrap-ca-cert")); } |
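Review bot: The condition and its five-line comment in `mgmt_configure_ssl` are a verbatim copy of what the same commit adds to `bridge_configure_ssl`, so the rule for when CA trust is re-bootstrapped now lives in two places that can drift apart. A single helper declared in a header both files already share, for example `bool ssl_ca_cert_file_missing(const char *file);`, would keep that security-relevant decision in one spot. The `#include <sys/socket.h>` added to mgmt.c does not appear to be used by anything in the visible hunks. The function body continues outside the hunk.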