From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:44175) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZUcIu-0007sV-En for qemu-devel@nongnu.org; Wed, 26 Aug 2015 11:08:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZUcIq-0003Zj-Ge for qemu-devel@nongnu.org; Wed, 26 Aug 2015 11:07:56 -0400 Received: from mx1.redhat.com ([209.132.183.28]:40400) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZUcIp-0003ZJ-VQ for qemu-devel@nongnu.org; Wed, 26 Aug 2015 11:07:52 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id 869F88CF5B for ; Wed, 26 Aug 2015 15:07:51 +0000 (UTC) References: <1440425695-24286-1-git-send-email-berrange@redhat.com> <1440425695-24286-4-git-send-email-berrange@redhat.com> From: Eric Blake Message-ID: <55DDD641.5060809@redhat.com> Date: Wed, 26 Aug 2015 09:07:45 -0600 MIME-Version: 1.0 In-Reply-To: <1440425695-24286-4-git-send-email-berrange@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="6Mck0AHxChoLglUh4bQEdiGOcOgBDbjCo" Subject: Re: [Qemu-devel] [PATCH v4 3/7] crypto: introduce new module for TLS x509 credentials List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Cc: Paolo Bonzini , Gerd Hoffmann This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --6Mck0AHxChoLglUh4bQEdiGOcOgBDbjCo Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 08/24/2015 08:14 AM, Daniel P. Berrange wrote: > Introduce a QCryptoTLSCredsX509 class which is used to > manage x509 certificate TLS credentials. This will be > the preferred credential type offering strong security > characteristics >=20 > Example CLI configuration: >=20 > $QEMU -object tls-creds-x509,id=3Dtls0,endpoint=3Dserver,\ > dir=3D/path/to/creds/dir,verify-peer=3Dyes >=20 > The 'id' value in the -object args will be used to associate the > credentials with the network services. For eample, when the VNC s/eample/example/ > server is later converted it would use >=20 > $QEMU -object tls-creds-x509,id=3Dtls0,.... \ > -vnc 127.0.0.1:1,tls-creds=3Dtls0 >=20 > Signed-off-by: Daniel P. Berrange > --- > +/* #define QCRYPTO_DEBUG */ > + > +#ifdef QCRYPTO_DEBUG > +#define DPRINTF(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); }= while (0) > +#else > +#define DPRINTF(fmt, ...) do { } while (0) > +#endif /me I said I wouldn't point it out further... Must Resist... Otherwise looks okay. --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --6Mck0AHxChoLglUh4bQEdiGOcOgBDbjCo Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJV3dZBAAoJEKeha0olJ0Nq92IIAJO8aQaliaDQ03IziJAPdKnC 6vBoeUD2XS7Y4WkxVO7/9QuKG+8DKgnvMO6jozalPQR9iJZBoQHFJjmdu+kekiHz F8XbvGiXEgaTCaauSbLaCzFL9rKkd33869MhMUVwdjB3Cu327T1KTLfXo/Ec7Nxi w6DLdR5BQnUp6FCcILvg/NuydNcceSHENv9HHAt/foF62A/ov+IRg9URXwUk5SWi D4Cf822K6agrUciV2t39Dz4wSBr8lpDII2IelUUAFFXqzVy68FiSadmjJmLB0RI+ CWKkbp4cRAltT88mz43vgqLzdXnHyFseWvcqrpGwsLEcZfexEwRVfier9x8dnUI= =xq+6 -----END PGP SIGNATURE----- --6Mck0AHxChoLglUh4bQEdiGOcOgBDbjCo--