authorOHMURA Kei <ohmura.kei@lab.ntt.co.jp>2012-11-12 12:46:01 +0900
committerFUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>2012-11-16 08:30:00 +0900
commitc1dfc534881387a47f017e961006536f4e8421ae (patch)
tree53e1cda4f2a79510972e3f923fe65368e4f43ed0
parent6afa1c35ec0a0b2c66c22b6521be9886397aa1df (diff)
add TLS support
This patch adds support for TLS connections to encrypt the OpenFlow channel. Signed-off-by: OHMURA Kei <ohmura.kei@lab.ntt.co.jp> Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
-rw-r--r--ryu/controller/controller.py31
1 files changed, 28 insertions, 3 deletions
diff --git a/ryu/controller/controller.py b/ryu/controller/controller.py
index dd5f16b6..1e456bff 100644
--- a/ryu/controller/controller.py
+++ b/ryu/controller/controller.py
@@ -21,6 +21,7 @@ import gevent
import traceback
import random
import greenlet
+import ssl
from gevent.server import StreamServer
from gevent.queue import Queue
@@ -42,6 +43,11 @@ FLAGS = gflags.FLAGS
gflags.DEFINE_string('ofp_listen_host', '', 'openflow listen host')
gflags.DEFINE_integer('ofp_tcp_listen_port', ofproto_common.OFP_TCP_PORT,
'openflow tcp listen port')
+gflags.DEFINE_integer('ofp_ssl_listen_port', ofproto_common.OFP_SSL_PORT,
+ 'openflow ssl listen port')
+gflags.DEFINE_string('ctl_privkey', None, 'controller private key')
+gflags.DEFINE_string('ctl_cert', None, 'controller certificate')
+gflags.DEFINE_string('ca_certs', None, 'CA certificates')
class OpenFlowController(object):
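Review bot: The help text for `ca_certs` on the last added line does not say that this flag is what turns on peer verification, so an operator who sets only `ctl_privkey` and `ctl_cert` gets no hint that connecting switches will not be asked for a certificate. Suggest `gflags.DEFINE_string('ca_certs', None, 'CA certificates; when set, connecting switches must present a certificate signed by one of them')`. The `ofp_ssl_listen_port` help would likewise benefit from noting that the port is only used when both `ctl_privkey` and `ctl_cert` are given, since the later hunk otherwise falls back to the plain TCP port.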
@@ -54,9 +60,28 @@ class OpenFlowController(object):
self.server_loop()
def server_loop(self):
- server = StreamServer((FLAGS.ofp_listen_host,
- FLAGS.ofp_tcp_listen_port),
- datapath_connection_factory)
+ if FLAGS.ctl_privkey and FLAGS.ctl_cert is not None:
+ if FLAGS.ca_certs is not None:
+ server = StreamServer((FLAGS.ofp_listen_host,
+ FLAGS.ofp_ssl_listen_port),
+ datapath_connection_factory,
+ keyfile=FLAGS.ctl_privkey,
+ certfile=FLAGS.ctl_cert,
+ cert_reqs=ssl.CERT_REQUIRED,
+ ca_certs=FLAGS.ca_certs,
+ ssl_version=ssl.PROTOCOL_TLSv1)
+ else:
+ server = StreamServer((FLAGS.ofp_listen_host,
+ FLAGS.ofp_ssl_listen_port),
+ datapath_connection_factory,
+ keyfile=FLAGS.ctl_privkey,
+ certfile=FLAGS.ctl_cert,
+ ssl_version=ssl.PROTOCOL_TLSv1)
+ else:
+ server = StreamServer((FLAGS.ofp_listen_host,
+ FLAGS.ofp_tcp_listen_port),
+ datapath_connection_factory)
+
#LOG.debug('loop')
server.serve_forever()
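Review bot: The `else` branch under `if FLAGS.ca_certs is not None` starts the TLS listener without `cert_reqs`, so it inherits the `ssl` module default (`CERT_NONE`) and a switch connecting in that mode is encrypted but never authenticated, yet nothing in the code marks this as a deliberate degraded mode. A comment such as `# no CA bundle: the channel is encrypted but the peer is not authenticated` would make the trade-off explicit, and if `LOG` is in scope (the commented `#LOG.debug('loop')` suggests it is) a startup warning would be better still. The condition on the first added line mixes truthiness and identity (`FLAGS.ctl_privkey and FLAGS.ctl_cert is not None`), so an empty `--ctl_privkey=` drops to plain TCP while an empty `--ctl_cert=` proceeds to SSL and fails later; testing both flags with `is not None` keeps them symmetric. The three `StreamServer` calls repeat the same address and factory arguments; building the SSL keyword arguments once and passing them with `**` removes the duplication, as sketched below. `server_loop` begins and ends inside this hunk, but the enclosing class continues past it.
```python
    def server_loop(self):
        if FLAGS.ctl_privkey is not None and FLAGS.ctl_cert is not None:
            ssl_kwargs = dict(keyfile=FLAGS.ctl_privkey,
                              certfile=FLAGS.ctl_cert,
                              ssl_version=ssl.PROTOCOL_TLSv1)
            # Without ca_certs the ssl default (CERT_NONE) applies: the
            # channel is encrypted but the connecting switch is not
            # authenticated.
            if FLAGS.ca_certs is not None:
                ssl_kwargs.update(cert_reqs=ssl.CERT_REQUIRED,
                                  ca_certs=FLAGS.ca_certs)
            server = StreamServer((FLAGS.ofp_listen_host,
                                   FLAGS.ofp_ssl_listen_port),
                                  datapath_connection_factory,
                                  **ssl_kwargs)
        else:
            server = StreamServer((FLAGS.ofp_listen_host,
                                   FLAGS.ofp_tcp_listen_port),
                                  datapath_connection_factory)
        # … unchanged: serve_forever …
```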