[PATCH 5/6] qemu: conf: Enable 'backup_tls_x509_verify' by default
Eric Blake
eblake at redhat.com
Fri Nov 13 15:12:07 UTC 2020
On 11/13/20 9:01 AM, Peter Krempa wrote:
> The NBD server used to export pull-mode backups doesn't have any other
> form of client authentication on top of the TLS transport, so the only
> way to authenticate clients is to verify their certificate.
>
> Enable this option by defauilt when both 'backup_tls_x509_verify' and
> 'default_tls_x509_verify' were not configured.
>
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1879477
> Signed-off-by: Peter Krempa <pkrempa at redhat.com>
> ---
> src/qemu/qemu.conf | 3 ++-
> src/qemu/qemu_conf.c | 2 +-
> 2 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
> index d621dad53b..cc46a34ae2 100644
> --- a/src/qemu/qemu.conf
> +++ b/src/qemu/qemu.conf
> @@ -422,7 +422,8 @@
> # CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir).
> #
> # If this option is not supplied, it will be set to the value of
> -# "default_tls_x509_verify".
> +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either
> +# the default is "1".
s/either/either,/
Reviewed-by: Eric Blake <eblake at redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
More information about the libvir-list
mailing list