提交 17f50c82 编写于 作者: J Ján Tomko

qemu: vnc: switch to tls-creds-x509

The tls, x509 and x509verify options were deprecated in QEMU v2.5.0:

commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7
Author:     Daniel P. Berrange <berrange@redhat.com>

    ui: convert VNC server to use QCryptoTLSSession

Use the tls-creds-x509 object when available.

https://bugzilla.redhat.com/show_bug.cgi?id=1598167Signed-off-by: NJán Tomko <jtomko@redhat.com>
上级 11b5396c
......@@ -7917,13 +7917,27 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
virBufferAddLit(&opt, ",password");
if (cfg->vncTLS) {
virBufferAddLit(&opt, ",tls");
if (cfg->vncTLSx509verify) {
virBufferAddLit(&opt, ",x509verify=");
virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
const char *alias = "vnc-tls-creds0";
if (qemuBuildTLSx509CommandLine(cmd,
cfg->vncTLSx509certdir,
true,
cfg->vncTLSx509verify,
NULL,
alias,
qemuCaps) < 0)
goto error;
virBufferAsprintf(&opt, ",tls-creds=%s", alias);
} else {
virBufferAddLit(&opt, ",x509=");
virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
virBufferAddLit(&opt, ",tls");
if (cfg->vncTLSx509verify) {
virBufferAddLit(&opt, ",x509verify=");
virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
} else {
virBufferAddLit(&opt, ",x509=");
virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
}
}
}
......
......@@ -24,7 +24,9 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
-no-acpi \
-boot strict=on \
-device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-vnc 127.0.0.1:3,tls,x509verify=/etc/pki/libvirt-vnc,sasl \
-object tls-creds-x509,id=vnc-tls-creds0,dir=/etc/pki/libvirt-vnc,\
endpoint=server,verify-peer=yes \
-vnc 127.0.0.1:3,tls-creds=vnc-tls-creds0,sasl \
-device cirrus-vga,id=video0,bus=pci.0,addr=0x2 \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
resourcecontrol=deny \
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册