Re: [Ryu-devel] [PATCH] ryu/controller/controller: add SSL/TLS support

Wed, 07 Nov 2012 05:10:22 -0800 

On Wed,  7 Nov 2012 21:25:43 +0900
OHMURA Kei <ohmura....@lab.ntt.co.jp> wrote:

> We should support SSL/TLS to encrypt OF channel. This patch only
> support self-signed certificates. (see the "INSTALL.SSL" in Open vSwitch
> source code)
> 
> Signed-off-by: OHMURA Kei <ohmura....@lab.ntt.co.jp>
> ---
>  ryu/controller/controller.py |   20 +++++++++++++++++---
>  1 file changed, 17 insertions(+), 3 deletions(-)
> 
> diff --git a/ryu/controller/controller.py b/ryu/controller/controller.py
> index dd5f16b..2953a86 100644
> --- a/ryu/controller/controller.py
> +++ b/ryu/controller/controller.py
> @@ -21,6 +21,7 @@ import gevent
>  import traceback
>  import random
>  import greenlet
> +import ssl
>  from gevent.server import StreamServer
>  from gevent.queue import Queue
>  
> @@ -42,6 +43,10 @@ FLAGS = gflags.FLAGS
>  gflags.DEFINE_string('ofp_listen_host', '', 'openflow listen host')
>  gflags.DEFINE_integer('ofp_tcp_listen_port', ofproto_common.OFP_TCP_PORT,
>                        'openflow tcp listen port')
> +gflags.DEFINE_integer('ofp_ssl_listen_port', ofproto_common.OFP_SSL_PORT,
> +                      'openflow ssl listen port')
> +gflags.DEFINE_string('ctl_privkey', None, 'controller private key')
> +gflags.DEFINE_string('ctl_cert', None, 'controller certificate')
>  
>  
>  class OpenFlowController(object):
> @@ -54,9 +59,18 @@ class OpenFlowController(object):
>          self.server_loop()
>  
>      def server_loop(self):
> -        server = StreamServer((FLAGS.ofp_listen_host,
> -                               FLAGS.ofp_tcp_listen_port),
> -                              datapath_connection_factory)
> +        if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:
> +            server = StreamServer((FLAGS.ofp_listen_host,
> +                                   FLAGS.ofp_ssl_listen_port),
> +                                  datapath_connection_factory,
> +                                  keyfile=FLAGS.ctl_privkey,
> +                                  certfile=FLAGS.ctl_cert,
> +                                  ssl_version=ssl.PROTOCOL_TLSv1)

Needs to specify the ssl version?

------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel

Reply via email to