From: Paolo Bonzini <pbonzini@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server
Date: Tue, 8 Sep 2015 12:04:11 +0200
Message-ID: <55EEB29B.6090108@redhat.com>
In-Reply-To: <1441192690-15413-1-git-send-email-berrange@redhat.com>



On 02/09/2015 13:17, Daniel P. Berrange wrote:
> This small patch series is a formal submission of another part
> of my previous series
> 
>  v1: https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
>  v2: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01267.html
>  v3: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01386.html
>  v4: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02655.html
>  v5: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03159.html
> 
> Now we have the basic crypto module defined for hash/cipher APIs,
> we extend it to also cover TLS credential and TLS session handling
> APIs. These new TLS related APIs obsolete the vast majority of the
> TLS handling code in the current VNC server. As a result the VNC
> server no longer has to worry about conditional compilation for
> GNUTLS. It also gives us code reuse for future patches which intend
> to add TLS support to chardevs, migration, nbd, etc.
> 
> This series deprecates the existing way of configuring TLS for
> VNC on the command line, but maintains support for back-compat
> reasons.
> 
> Since the TLS code is now totally isolated from the VNC server it
> is also practical to provide significant unit test coverage of what
> is security critical code.
> 
> Aside from the new CLI syntax for configuring TLS with VNC, the
> only other functional change is to allow diffie-hellman params
> to be loaded from a file, instead of being generated at startup.
> 
> Changes in v6:
> 
>  - Remove use of -Wl,--whole-archive added in v5 since it
>    bloated the binary sizes too much
>  - Move crypto code out of libqemuutil.a to allow linking
>    with QOM without problem of linker dropping objects only
>    referenced via constructors
>  - Allow tools to link to QOM objects
>  - Remove repetition in unit test object deps
>  - Remove trailing '.' from error messages in TLS code
>  - Remove leading '_' from struct name in TLS session
>  - Fix leak of TLS credentials in cert checking error path
>  - Added docs for enhancement to enum code generator
>  - Misc docs typos & indentation fixes
>  - Add more sanity checking to enum code generator
>  - Add tests to cover enum code generator enhancement
>  - Fix dereference of Error **errp variables
>  - Fix overwriting of already set Error * variable in tests
>  - Use CHAR_BIT constant in sasl code
>  - Fix incorrect return status in VNC TLS code errorpath

I think the patches are great, and I'm not sure if anyone is in a better
position than you to decide if they're ready.  I don't even know if
anyone really understands the VNC TLS code and thus can review patch 11.
:)  So I would just ask you to send a pull request.

Paolo

Thread overview: 14+ messages
2015-09-02 11:17 [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 01/11] qapi: allow override of default enum prefix naming Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 02/11] tests: remove repetition in unit test object deps Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 03/11] crypto: move crypto objects out of libqemuutil.la Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 04/11] qom: allow QOM to be linked into tools binaries Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 05/11] crypto: introduce new base module for TLS credentials Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 06/11] crypto: introduce new module for TLS anonymous credentials Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 07/11] crypto: introduce new module for TLS x509 credentials Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 08/11] crypto: add sanity checking of " Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 09/11] crypto: introduce new module for handling TLS sessions Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 10/11] ui: fix return type for VNC I/O functions to be ssize_t Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 11/11] ui: convert VNC server to use QCryptoTLSSession Daniel P. Berrange
2015-09-08 10:04 ` Paolo Bonzini [this message]
2015-09-08 11:24   ` [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server Gerd Hoffmann
