References: <1440601524-30316-1-git-send-email-berrange@redhat.com> <1440601524-30316-4-git-send-email-berrange@redhat.com>
From: Eric Blake
Message-ID: <55DDEFA7.2030105@redhat.com>
Date: Wed, 26 Aug 2015 10:56:07 -0600
In-Reply-To: <1440601524-30316-4-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 3/9] crypto: introduce new base module for TLS credentials
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Paolo Bonzini, Gerd Hoffmann

On 08/26/2015 09:05 AM, Daniel P. Berrange wrote:
> Introduce a QCryptoTLSCreds class to act as the base class for
> storing TLS credentials. This will be later subclassed to provide
> handling of anonymous and x509 credential types. The subclasses
> will be user creatable objects, so instances can be created &
> deleted via 'object-add' and 'object-del' QMP commands respectively,
> or via the -object command line arg.
>
> If the credentials cannot be initialized an error will be reported
> as a QMP reply, or on stderr respectively.
>
> The idea is to make it possible to represent and manage TLS
> credentials independently of the network service that is using
> them. This will enable multiple services to use the same set of
> credentials and minimize code duplication. A later patch will
> convert the current VNC server TLS code over to use this object.
>
> The representation of credentials will be functionally equivalent
> to that currently implemented in the VNC server with one exception.
> The new code has the ability to (optionally) load a pre-generated
> set of diffie-hellman parameters, if the file dh-params.pem exists,
> whereas the current VNC server will always generate them on startup.
> This is beneficial for admins who wish to avoid the (small) time
> sink of generating DH parameters at startup and/or avoid depleting
> entropy.
>
> Signed-off-by: Daniel P. Berrange
> ---

> +++ b/qapi/crypto.json
> @@ -0,0 +1,20 @@
> +# -*- Mode: Python -*-
> +#
> +# QAPI crypto definitions
> +
> +##
> +# QCryptoTLSCredsEndpoint:
> +#
> +# The type of network endpoint that will be using the credentials.
> +# Most types of credential require different setup / structures
> +# depending on whether they will be used in a server vs a client.

I'm not sure if 'vs.' is more common than 'vs' when abbreviating
'versus'; or you could skip the debate by s/vs/or/

Reviewed-by: Eric Blake

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
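Review bot: the quoted hunk stops after the description paragraph of the QCryptoTLSCredsEndpoint doc comment (10 of the 20 added lines announced by @@ -0,0 +1,20 @@), so the per-value documentation and the Since: line that QAPI enum doc comments carry are not visible in this reply; when checking the full file, confirm that each enum value has its own @value: description and that the comment ends with a Since: tag naming the release that introduces the type.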