Date: Wed, 26 Aug 2015 15:49:46 +0100
From: "Daniel P. Berrange"
Message-ID: <20150826144946.GN21787@redhat.com>
References: <1440425695-24286-1-git-send-email-berrange@redhat.com> <1440425695-24286-3-git-send-email-berrange@redhat.com> <55DB82A6.1080706@redhat.com>
In-Reply-To: <55DB82A6.1080706@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v4 2/7] crypto: introduce new module for TLS anonymous credentials
To: Eric Blake
Cc: Paolo Bonzini, qemu-devel@nongnu.org, Gerd Hoffmann

On Mon, Aug 24, 2015 at 02:46:30PM -0600, Eric Blake wrote:
> On 08/24/2015 08:14 AM, Daniel P. Berrange wrote:
> > Introduce a QCryptoTLSCredsAnon class which is used to
> > manage anonymous TLS credentials. Use of this class is
> > generally discouraged since it does not offer strong
> > security, but it is required for backwards compatibility
> > with the current VNC server implementation.
> >
> > Simple example CLI configuration:
> >
> > $QEMU -object tls-creds-anon,id=tls0,endpoint=server
> >
> > Example using pre-created diffie-hellman parameters
> >
> > $QEMU -object tls-creds-anon,id=tls0,endpoint=server,\
> > dir=/path/to/creds/dir
> >
> > The 'id' value in the -object args will be used to associate the
> > credentials with the network services. For eample, when the VNC
>
> s/eample/example/
>
> > server is later converted it would use
> >
> > $QEMU -object tls-creds-anon,id=tls0,.... \
> > -vnc 127.0.0.1:1,tls-creds=tls0
> >
> > Signed-off-by: Daniel P. Berrange
> > ---
>
> > +++ b/crypto/init.c
> > @@ -20,6 +20,7 @@
> >
> > #include "crypto/init.h"
> > #include "crypto/tlscreds.h"
> > +#include "crypto/tlscredsanon.h"
> > #include "qemu/thread.h"
> >
> > #ifdef CONFIG_GNUTLS
> > @@ -144,6 +145,7 @@ int qcrypto_init(Error **errp)
> > * clever enough to see the constructor :-(
> > */
> > qcrypto_tls_creds_dummy();
> > + qcrypto_tls_creds_anon_dummy();
>
> Are there any gcc hacks such as adding __attribute__((used)) that might
> help?

I finally figured out that we can use -Wl,--whole-archive when linking
to libqemuutil.a to fix this properly.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
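
Review bot: In the first crypto/init.c hunk (@@ -20,6 +20,7 @@), the new #include "crypto/tlscredsanon.h" is added above the #ifdef CONFIG_GNUTLS line, so it is pulled in unconditionally and the header has to compile when gnutls is not configured. It sits next to the existing crypto/tlscreds.h include, so this looks intended, but a build without gnutls should be confirmed before this goes in.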
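
Review bot: In the qcrypto_init() hunk (@@ -144,6 +145,7 @@), the added qcrypto_tls_creds_anon_dummy(); call extends a per-class workaround, yet the comment above it ("clever enough to see the constructor :-(") is left unchanged and does not say that every new credentials type needs its own dummy call here. Either extend the comment to state that requirement, or remove both dummy calls in favour of a link-level fix, so that a later credentials class is not left out by oversight.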