[libvirt] [PATCH v5 2/9] conf: Introduce chartcp_tls_x509_cert_dir
John Ferlan
jferlan at redhat.com
Thu Sep 8 21:55:42 UTC 2016
On 08/05/2016 04:19 AM, Daniel P. Berrange wrote:
> In the subject s/chartcp/chardev/
>
> On Thu, Aug 04, 2016 at 11:21:20AM -0400, John Ferlan wrote:
>> Add a new TLS X.509 certificate type - "chardev". This will handle the
>> creation of a TLS certificate capability (and possibly repository) for
>> properly configured character device TCP backends.
>>
>> Unlike the vnc and spice there is no "listen" or "passwd" associated. The
>> credentials will be handled via a libvirt secret provided to a specific
>> backend.
>>
>> Make use of the default verify option as well.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>> src/qemu/libvirtd_qemu.aug | 5 +++
>> src/qemu/qemu.conf | 28 ++++++++++++
>> src/qemu/qemu_conf.c | 9 ++++
>> src/qemu/qemu_conf.h | 4 ++
>> src/qemu/test_libvirtd_qemu.aug.in | 3 ++
>> .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml | 41 ++++++++++++++++++
>> .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml | 50 ++++++++++++++++++++++
>> tests/qemuxml2xmltest.c | 1 +
>> 8 files changed, 141 insertions(+)
>> create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
>> create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
>
> ACK
>
> Regards,
> Daniel
>
As noted in my response in 6/9, I somehow missed fetching the chardevTLS,
so I'll squash the following in before pushing the ACK'd patches, so that
I can repost the secret changes in a v6:
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index f2d27a1..ce2a890 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -505,6 +505,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
if (virConfGetValueBool(conf, "spice_auto_unix_socket", &cfg->spiceAutoUnixSocket) < 0)
goto cleanup;
+ if ((rv = virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS)) < 0)
+ goto cleanup;
if (virConfGetValueString(conf, "chardev_tls_x509_cert_dir", &cfg->chardevTLSx509certdir) < 0)
goto cleanup;
if ((rv = virConfGetValueBool(conf, "chardev_tls_x509_verify", &cfg->chardevTLSx509verify)) < 0)
More information about the libvir-list
mailing list