[libvirt] [PATCH v5 2/9] conf: Introduce chartcp_tls_x509_cert_dir

John Ferlan jferlan at redhat.com
Thu Sep 8 21:55:42 UTC 2016



On 08/05/2016 04:19 AM, Daniel P. Berrange wrote:
> In the subject  s/chartcp/chardev/
> 
> On Thu, Aug 04, 2016 at 11:21:20AM -0400, John Ferlan wrote:
>> Add a new TLS X.509 certificate type - "chardev". This will handle the
>> creation of a TLS certificate capability (and possibly repository) for
>> properly configured character device TCP backends.
>>
>> Unlike the vnc and spice there is no "listen" or "passwd" associated. The
>> credentials will be handled via a libvirt secret provided to a specific
>> backend.
>>
>> Make use of the default verify option as well.
>>
>> Signed-off-by: John Ferlan <jferlan at redhat.com>
>> ---
>>  src/qemu/libvirtd_qemu.aug                         |  5 +++
>>  src/qemu/qemu.conf                                 | 28 ++++++++++++
>>  src/qemu/qemu_conf.c                               |  9 ++++
>>  src/qemu/qemu_conf.h                               |  4 ++
>>  src/qemu/test_libvirtd_qemu.aug.in                 |  3 ++
>>  .../qemuxml2argv-serial-tcp-tlsx509-chardev.xml    | 41 ++++++++++++++++++
>>  .../qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml  | 50 ++++++++++++++++++++++
>>  tests/qemuxml2xmltest.c                            |  1 +
>>  8 files changed, 141 insertions(+)
>>  create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.xml
>>  create mode 100644 tests/qemuxml2xmloutdata/qemuxml2xmlout-serial-tcp-tlsx509-chardev.xml
> 
> ACK
> 
> Regards,
> Daniel
> 
As noted in my response in 6/9, I somehow missed fetching the chardevTLS,
so I'll squash the following in before pushing the ACK'd patches, so that
I can repost the secret changes in a v6:

diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index f2d27a1..ce2a890 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -505,6 +505,8 @@ int virQEMUDriverConfigLoadFile(virQEMUDriverConfigPtr cfg,
     if (virConfGetValueBool(conf, "spice_auto_unix_socket", &cfg->spiceAutoUnixSocket) < 0)
         goto cleanup;
 
+    if ((rv = virConfGetValueBool(conf, "chardev_tls", &cfg->chardevTLS)) < 0)
+        goto cleanup;
     if (virConfGetValueString(conf, "chardev_tls_x509_cert_dir", &cfg->chardevTLSx509certdir) < 0)
         goto cleanup;
     if ((rv = virConfGetValueBool(conf, "chardev_tls_x509_verify", &cfg->chardevTLSx509verify)) < 0)
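
Review bot: In the added `chardev_tls` lookup, the return value is stored in `rv`, but nothing in the lines shown reads it before the `chardev_tls_x509_verify` call two lines below assigns `rv` again. If the code does not need to know whether `chardev_tls` was present in the config file, drop the assignment so the check matches the plain `if (virConfGetValueBool(...) < 0)` form used for `spice_auto_unix_socket` just above. If it does need to know, consume `rv` before the next call overwrites it. A blank line after the new `goto cleanup;` would also keep the enable flag visually separate from the `chardev_tls_x509_cert_dir` lookup that follows.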




