[libvirt] [PATCH v9 4/4] qemu: Add TLS support for Veritas HyperScale (VxHS)
John Ferlan
jferlan at redhat.com
Wed Sep 27 15:21:33 UTC 2017
[...]
>>>>
>>>> static int
>>>> +qemuDomainAddDiskSrcTLSObject(virQEMUDriverPtr driver,
>>>> + virDomainObjPtr vm,
>>>> + virStorageSourcePtr src,
>>>> + const char *srcalias)
>>>> +{
>>>> + int ret = -1;
>>>> + qemuDomainObjPrivatePtr priv = vm->privateData;
>>>> + virJSONValuePtr tlsProps = NULL;
>>>> +
>>>> + /* NB: Initial implementation doesn't require/use a secret to decrypt
>>>> + * a server certificate, so there's no need to manage a tlsSecAlias
>>>
>>> client certificate
>>>
>>
>> No it's the server certificate (server-key.pem) that needs the secret in
>> order to be decrypted.
>
> I think both can be encrypted. What I wanted to point out is that it
> does not make sense to refer to the server certificate in terms of disks
> since they are clients only.
>
True - I'll just the whole paragraph. It's one of those traces I leave
in code comments for later on...
John
More information about the libvir-list
mailing list