[PATCH 23/24] conf: backup: Add 'tls' attribute for 'server' element

Eric Blake eblake at redhat.com
Thu Jul 2 19:53:28 UTC 2020

On 7/2/20 9:40 AM, Peter Krempa wrote:
> Allow enabling TLS for the NBD server used to do pull-mode backups. Note
> that documentation already mentions 'tls', so this just implements the
> schema and XML bits.
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---

> +++ b/tests/domainbackupxml2xmlin/backup-pull-encrypted.xml
> @@ -1,6 +1,6 @@
>   <domainbackup mode="pull">
>     <incremental>1525889631</incremental>
> -  <server transport='tcp' name='localhost' port='10809'/>
> +  <server transport='tcp' tls='yes' name='localhost' port='10809'/>

So this doesn't say what files are actually feeding the TLS 
configuration; the docs already mentioned 'tls', but do we need to add a 
cross-reference that states when tls='yes' is in effect then the server 
uses the files as configured in qemu.conf?  Knowing how the server is 
keyed is important for writing a client that can connect over TLS to the 

But the overall idea makes sense.

Reviewed-by: Eric Blake <eblake at redhat.com>

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

More information about the libvir-list mailing list