> From: "Ben Pfaff" <[email protected]>
> To: "Lance Richardson" <[email protected]>
> Cc: [email protected], [email protected], "mickeys dev" 
> <[email protected]>
> Sent: Thursday, 6 April, 2017 11:37:34 AM
> Subject: Re: [RFC 1/5] stream: store stream peer id with stream state
> 
> On Mon, Mar 27, 2017 at 02:56:09PM -0400, Lance Richardson wrote:
> > Keep track of authenticated ID for stream peer. For SSL connections,
> > the authenticated ID is the CN (Common Name) field from the peer's
> > SSL certificate.
> > 
> > Signed-off-by: Lance Richardson <[email protected]>
> 
> Not all the new functions here follow the OVS convention that the
> function name should be at the beginning of a line.
> 
> It looks like the convention here is that the peer id is the common
> name, except that if the common name contains "id:..." then that and
> everything after it is not part of the peer id.  Probably, this
> convention should be documented somewhere, although that might only come
> with a later patch that actually makes this feature user-visible (I
> haven't read ahead yet).
> 

The ovs-pki script sets the common name field to a string containing the
name specified by the user as a command-line argument followed by
"id:<generated_uuid>".  I initially thought we should use the user-specified
portion as the ID, hence the code to lop off the "id:..." portion, but after
thinking about it some more I now believe it would be better to use the
entire common name string as-is. So I'll drop that bit of code in the next
revision.

    Lance
_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
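
Added example (not code from the patch or from either poster): a C sketch of the two peer-id derivations discussed in this thread, run over constructed CN strings. The function names, the space before "id:" and the trailing-space trimming are assumptions; the sketch shows which common names become indistinguishable once the "id:..." part is cut off.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample CNs in the "<name> id:<uuid>" shape described above. */
#define CN_A "chassis-1 id:11111111-1111-4111-8111-111111111111"
#define CN_B "chassis-1 id:22222222-2222-4222-8222-222222222222"
#define CN_C "grid:7 id:33333333-3333-4333-8333-333333333333"
#define CN_D "gr id:44444444-4444-4444-8444-444444444444"

/* Truncating rule from the review: drop the first "id:" and everything
 * after it.  Trimming trailing spaces is an assumption of this sketch. */
static void
peer_id_truncated(const char *cn, char *out, size_t size)
{
    const char *tag = strstr(cn, "id:");
    size_t len = tag ? (size_t) (tag - cn) : strlen(cn);

    if (!size) {
        return;
    }
    while (len > 0 && cn[len - 1] == ' ') {
        len--;
    }
    if (len >= size) {
        len = size - 1;
    }
    memcpy(out, cn, len);
    out[len] = '\0';
}

/* Rule proposed in the reply: the whole CN, unmodified, is the peer id. */
static void
peer_id_full(const char *cn, char *out, size_t size)
{
    snprintf(out, size, "%s", cn);
}

/* Returns 1 if both CNs map to the same peer id under 'derive'. */
static int
ids_equal(void (*derive)(const char *, char *, size_t),
          const char *a, const char *b)
{
    char ia[128], ib[128];

    derive(a, ia, sizeof ia);
    derive(b, ib, sizeof ib);
    return !strcmp(ia, ib);
}
```

Under the truncating rule CN_A and CN_B both become "chassis-1", and CN_C and CN_D both become "gr" because the first "id:" in CN_C sits inside the user-chosen name; with the full CN all four stay distinct.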
