Date: Wed, 1 Aug 2007 17:31:13 +0100
From: "Daniel P. Berrange"
Subject: Re: [Qemu-devel] PATCH 7/8: command line args for x509 cert paths
Message-ID: <20070801163113.GF31282@redhat.com>
References: <20070731192316.GI18730@redhat.com> <20070731192958.GP18730@redhat.com> <46AFE7C1.50902@codemonkey.ws>
In-Reply-To: <46AFE7C1.50902@codemonkey.ws>
To: Anthony Liguori
Cc: qemu-devel@nongnu.org

On Tue, Jul 31, 2007 at 08:54:09PM -0500, Anthony Liguori wrote:
> Daniel P. Berrange wrote:
> >This final code patch adds 4 new command line arguments to QEMU to allow the
> >certificate files to be specified. The '-x509cacert', '-x509cert' and '-x509key'
> >parameters are mandatory if the 'x509' or 'x509verify' flags are used when
> >setting up the VNC server. If the certificates are not provided, all client
> >authentication attempts will be rejected.
> >
>
> It concerns me a little to add 4 new command line options. Perhaps just
> supply a directory and hard code the names of each file? Then it could
> even be specified as -vnc
> [proto]:[,tls[,x509[:/path/to/x509/certs]]] with a
> reasonable default provided.

Including it as part of the main vnc arg would be nice as it'd let the admin
set/change it from the monitor too. Merely specifying a directory would be
fine with me - it's trivial to symlink files if the admin wants to store them
in some other way.

Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|