From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [RfC PATCH 07/11] spice: tls support
Date: Wed, 14 Apr 2010 11:55:18 +0200 [thread overview]
Message-ID: <1271238922-10008-8-git-send-email-kraxel@redhat.com> (raw)
In-Reply-To: <1271238922-10008-1-git-send-email-kraxel@redhat.com>
Add options to the -spice command line switch to set up TLS:
tls-port
listening port
x509-dir
x509 file directory. Expects same filenames as
-vnc $display,x509=$dir
x509-key-file
x509-key-password
x509-cert-file
x509-cacert-file
x509-dh-key-file
x509 files can also be set individually.
tls-ciphers
which ciphers to use.
---
spice.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 86 insertions(+), 4 deletions(-)
diff --git a/spice.c b/spice.c
index 68d8c95..0f2595b 100644
--- a/spice.c
+++ b/spice.c
@@ -8,6 +8,7 @@
#include "qemu-spice.h"
#include "qemu-timer.h"
#include "qemu-queue.h"
+#include "qemu-x509.h"
#include "monitor.h"
/* core bits */
@@ -132,11 +133,35 @@ QemuOptsList qemu_spice_opts = {
.name = "port",
.type = QEMU_OPT_NUMBER,
},{
+ .name = "tls-port", /* old: sport */
+ .type = QEMU_OPT_NUMBER,
+ },{
.name = "password",
.type = QEMU_OPT_STRING,
},{
.name = "disable-ticketing",
.type = QEMU_OPT_BOOL,
+ },{
+ .name = "x509-dir",
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "x509-key-file", /* old: sslkey */
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "x509-key-password", /* old: sslpassword */
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "x509-cert-file", /* old: sslcert */
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "x509-cacert-file", /* old: sslcafile */
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "x509-dh-key-file", /* old: ssldhfile */
+ .type = QEMU_OPT_STRING,
+ },{
+ .name = "tls-ciphers", /* old: sslciphersuite */
+ .type = QEMU_OPT_STRING,
},
{ /* end if list */ }
},
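Review bot: The new `x509-key-password` entry takes the private-key passphrase as a plain `-spice` argument, so it is typically readable by other local users through the process argument list and tends to end up in shell history and management logs. The option table cannot fix that by itself, but a comment next to the entry such as `/* visible in the process argument list; prefer a key file protected by file permissions */` would warn users, and reading the passphrase from a file would be the safer long-term interface. The existing `password` entry has the same exposure. The `qemu_spice_opts` initializer starts and ends outside this hunk.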
@@ -145,18 +170,71 @@ QemuOptsList qemu_spice_opts = {
void qemu_spice_init(void)
{
QemuOpts *opts = QTAILQ_FIRST(&qemu_spice_opts.head);
- const char *password;
- int port;
+ const char *password, *str, *x509_dir,
+ *x509_key_password = NULL,
+ *x509_dh_file = NULL,
+ *tls_ciphers = NULL;
+ char *x509_key_file = NULL,
+ *x509_cert_file = NULL,
+ *x509_cacert_file = NULL;
+ int port, tls_port, len;
if (!opts)
return;
port = qemu_opt_get_number(opts, "port", 0);
- if (!port)
+ tls_port = qemu_opt_get_number(opts, "tls-port", 0);
+ if (!port && !tls_port)
return;
password = qemu_opt_get(opts, "password");
+ if (tls_port) {
+ x509_dir = qemu_opt_get(opts, "x509-dir");
+ if (NULL == x509_dir)
+ x509_dir = ".";
+ len = strlen(x509_dir) + 32;
+
+ str = qemu_opt_get(opts, "x509-key-file");
+ if (str) {
+ x509_key_file = qemu_strdup(str);
+ } else {
+ x509_key_file = qemu_malloc(len);
+ snprintf(x509_key_file, len, "%s/%s", x509_dir, X509_SERVER_KEY_FILE);
+ }
+
+ str = qemu_opt_get(opts, "x509-cert-file");
+ if (str) {
+ x509_cert_file = qemu_strdup(str);
+ } else {
+ x509_cert_file = qemu_malloc(len);
+ snprintf(x509_cert_file, len, "%s/%s", x509_dir, X509_SERVER_CERT_FILE);
+ }
+
+ str = qemu_opt_get(opts, "x509-cacert-file");
+ if (str) {
+ x509_cacert_file = qemu_strdup(str);
+ } else {
+ x509_cacert_file = qemu_malloc(len);
+ snprintf(x509_cacert_file, len, "%s/%s", x509_dir, X509_CA_CERT_FILE);
+ }
+
+ x509_key_password = qemu_opt_get(opts, "x509-key-password");
+ x509_dh_file = qemu_opt_get(opts, "x509-dh-file");
+ tls_ciphers = qemu_opt_get(opts, "tls-ciphers");
+ }
+
spice_server = spice_server_new();
- spice_server_set_port(spice_server, port);
+ if (port) {
+ spice_server_set_port(spice_server, port);
+ }
+ if (tls_port) {
+ spice_server_set_tls(spice_server, tls_port,
+ x509_cacert_file,
+ x509_cert_file,
+ x509_key_file,
+ x509_key_password,
+ x509_dh_file,
+ tls_ciphers);
+ }
if (password)
spice_server_set_ticket(spice_server, password, 0, 0, 0);
if (qemu_opt_get_bool(opts, "disable-ticketing", 0))
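Review bot: The DH parameter file is looked up under `x509-dh-file`, but the option table and the commit message name it `x509-dh-key-file`, so a value the user supplies is never found and `x509_dh_file` stays NULL; the lookup should read `x509_dh_file = qemu_opt_get(opts, "x509-dh-key-file");`. Separately, the result of `spice_server_set_tls()` is not checked here; if it reports failure through its return value (not visible in this hunk), a missing or unreadable key or certificate would leave the server running without the TLS port the user asked for, so exiting with an error in that case would fail closed. `tls_port` is also taken from `qemu_opt_get_number()` into an `int` with no range check before it is used as a port. `qemu_spice_init` continues past the end of this hunk.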
@@ -169,4 +247,8 @@ void qemu_spice_init(void)
using_spice = 1;
qemu_spice_input_init();
+
+ qemu_free(x509_key_file);
+ qemu_free(x509_cert_file);
+ qemu_free(x509_cacert_file);
}
--
1.6.6.1