[libvirt] Libvirt 0.8.7 installer ready for testing
Daniel P. Berrange
berrange at redhat.com
Mon Jan 10 15:01:59 UTC 2011
On Mon, Jan 10, 2011 at 03:51:42PM +0100, Matthias Bolte wrote:
> 2011/1/8 Justin Clift <jclift at redhat.com>:
> > Hi guys,
> >
> > Created the windows libvirt 0.8.7 installer using Matthias's updated scripting:
> >
> > http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-0.exe
> >
> > Does someone have time to test and confirm it's ok, before we point to it from
> > the website?
> >
> > Arnaud, this version of the installer adds the virsh bin directory to the system PATH
> > variable. So I'm thinking don't need to copy the libvirt dll's around, when using
> > your C# bindings.
> >
> > If you've have time to test that, it would be great. Could then update the web page
> > with that info. :)
> >
> > Regards and best wishes,
> >
> > Justin Clift
>
> The readme suggests (at least to me) that the TLS certs for libvirt's
> TLS transport and the ESX driver using HTTPS are the same:
>
> "TLS certificates are needed prior to connecting to either
> QEMU instances with TLS, or connecting to VMware
> ESX/vSphere."
>
> Yes, the ESX driver (actually libcurl) needs to know the cacert.pem
> for the key that signed the HTTPS certificate in order to verify the
> server's certificate. That's what you can disable using the
> no_verify=1 query parameter. But HTTPS doesn't do mutual verification
> as libvirt's TLS transport does. There is no clientcert/key.pem
> involved in HTTPS.
Actually HTTPS as a generic protcool *can* do mutual authentication
requiring a client certificate - the Fedora build system uses this
capability. Whether libcurl implements support for this, and whether
VMWare ESX server requests it, are the actual questions to ask :-)
Daniel
More information about the libvir-list
mailing list