From: "Daniel P. Berrange" <berrange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v2 4/4] char: introduce support for TLS encrypted TCP chardev backend
Date: Mon, 21 Dec 2015 16:11:37 +0000
Message-ID: <20151221161137.GE5316@redhat.com>
In-Reply-To: <567822A0.3020504@redhat.com>

On Mon, Dec 21, 2015 at 05:02:40PM +0100, Paolo Bonzini wrote:
>
>
> On 21/12/2015 16:42, Daniel P. Berrange wrote:
> > This integrates support for QIOChannelTLS object in the TCP
> > chardev backend. If the 'tls-creds=NAME' option is passed with
> > the '-chardev tcp' argument, then it will set up the chardev
> > such that the client is required to establish a TLS handshake
> > when connecting. There is no support for checking the client
> > certificate against ACLs in this initial patch. This is pending
> > work to QOM-ify the ACL object code.
>
> Are you also planning AF_UNIX support or does it make no sense?

I wasn't planning on it as I don't think it adds any real value.
AF_UNIX sockets are trivially secure since they're purely local.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|