From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44053)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1YVVls-0001wm-0X
	for qemu-devel@nongnu.org; Tue, 10 Mar 2015 21:49:16 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1YVVlm-0005pG-Kz
	for qemu-devel@nongnu.org; Tue, 10 Mar 2015 21:49:15 -0400
Received: from szxga01-in.huawei.com ([58.251.152.64]:24599)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <arei.gonglei@huawei.com>) id 1YVVll-0005oJ-Vw
	for qemu-devel@nongnu.org; Tue, 10 Mar 2015 21:49:10 -0400
Message-ID: <54FF9EFE.8000706@huawei.com>
Date: Wed, 11 Mar 2015 09:48:46 +0800
From: Gonglei <arei.gonglei@huawei.com>
MIME-Version: 1.0
References: <1426004854-4869-1-git-send-email-berrange@redhat.com>
In-Reply-To: <1426004854-4869-1-git-send-email-berrange@redhat.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH] ui: fix regression in x509verify parameter
 for VNC server
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>

On 2015/3/11 0:27, Daniel P. Berrange wrote:
> The 'x509verify' parameter is documented as taking a path to the
> x509 certificates, ie the same syntax as the 'x509' parameter.
> 
>   commit 4db14629c38611061fc19ec6927405923de84f08
>   Author: Gerd Hoffmann <kraxel@redhat.com>
>   Date:   Tue Sep 16 12:33:03 2014 +0200
> 
>     vnc: switch to QemuOpts, allow multiple servers
> 
> caused a regression by turning 'x509verify' into a boolean
> parameter instead. This breaks setup from libvirt and is not
> consistent with the docs.
> 
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  ui/vnc.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 
> diff --git a/ui/vnc.c b/ui/vnc.c
> index 10a2724..37290e7 100644
> --- a/ui/vnc.c
> +++ b/ui/vnc.c
> @@ -3304,7 +3304,7 @@ static QemuOptsList qemu_vnc_opts = {
>              .type = QEMU_OPT_BOOL,
>          },{
>              .name = "x509verify",
> -            .type = QEMU_OPT_BOOL,
> +            .type = QEMU_OPT_STRING,
>          },{
>              .name = "acl",
>              .type = QEMU_OPT_BOOL,
> @@ -3391,9 +3391,14 @@ void vnc_display_open(const char *id, Error **errp)
>  #ifdef CONFIG_VNC_TLS
>      tls  = qemu_opt_get_bool(opts, "tls", false);
>      path = qemu_opt_get(opts, "x509");
> +    if (!path) {
> +        path = qemu_opt_get(opts, "x509verify");
> +        if (path) {
> +            vs->tls.x509verify = true;
> +        }
> +    }
>      if (path) {
>          x509 = true;
> -        vs->tls.x509verify = qemu_opt_get_bool(opts, "x509verify", false);

We still need to get the x509verify value, while both 'x509' and 'x509verify'
are configured, isn't it?

Regards,
-Gonglei

>          if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
>              error_setg(errp, "Failed to find x509 certificates/keys in %s",
>                         path);
>