[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2 5/5] ui: convert VNC server to use QCryptoTLS
From: |
Daniel P. Berrange |
Subject: |
Re: [Qemu-devel] [PATCH v2 5/5] ui: convert VNC server to use QCryptoTLSSession |
Date: |
Tue, 11 Aug 2015 18:22:04 +0100 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Tue, Aug 11, 2015 at 06:44:34PM +0200, Paolo Bonzini wrote:
>
>
> On 11/08/2015 16:26, Daniel P. Berrange wrote:
> > -object tls-creds,id=tls0,credtype=anon,endpoint=server \
> > -vnc hostname:0,tls-creds=tls0
> >
> > Old syntax for x509 credentials, no client certs:
> >
> > -vnc hostname:0,tls,x509=/path/to/certs
> >
> > New syntax:
> >
> > -object
> > tls-creds,id=tls0,credtype=x509,dir=/path/to/certs,endpoint=server,verify-peer=no
> > \
> > -vnc hostname:0,tls-creds=tls0
> >
> > Old syntax for x509 credentials, requiring client certs:
> >
> > -vnc hostname:0,tls,x509verify=/path/to/certs
>
> Would it be possible to change credtype=foo to subclasses of the
> abstract tls-creds class? That is
>
> -object tls-creds-anon,id=tls0,endpoint=server
> -object
> tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes|no
>
> This would be more similar to how -object is usually used. You
> get to choose whether to keep the union or have separate structs
> QCryptoTLSCredsX509 and QCryptoTLSCredsAnonymous.
Yeah that would work too.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH v2 0/5] Extract TLS handling code from VNC server, Daniel P. Berrange, 2015/08/11
- [Qemu-devel] [PATCH v2 4/5] ui: fix return type for VNC I/O functions to be ssize_t, Daniel P. Berrange, 2015/08/11
- [Qemu-devel] [PATCH v2 3/5] crypto: introduce new module for handling TLS sessions, Daniel P. Berrange, 2015/08/11
- [Qemu-devel] [PATCH v2 1/5] crypto: introduce new module for handling TLS credentials, Daniel P. Berrange, 2015/08/11
- [Qemu-devel] [PATCH v2 5/5] ui: convert VNC server to use QCryptoTLSSession, Daniel P. Berrange, 2015/08/11
- [Qemu-devel] [PATCH v2 2/5] crypto: add sanity checking of TLS credentials, Daniel P. Berrange, 2015/08/11