From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:54069) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZUi9l-0006I4-HU for qemu-devel@nongnu.org; Wed, 26 Aug 2015 17:22:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZUi9h-0002i1-Kf for qemu-devel@nongnu.org; Wed, 26 Aug 2015 17:22:53 -0400 Received: from mx1.redhat.com ([209.132.183.28]:48058) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZUi9h-0002hq-Fg for qemu-devel@nongnu.org; Wed, 26 Aug 2015 17:22:49 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (Postfix) with ESMTPS id 4D50A8CF56 for ; Wed, 26 Aug 2015 21:22:48 +0000 (UTC) References: <1440601524-30316-1-git-send-email-berrange@redhat.com> <1440601524-30316-5-git-send-email-berrange@redhat.com> From: Eric Blake Message-ID: <55DE2E23.8080007@redhat.com> Date: Wed, 26 Aug 2015 15:22:43 -0600 MIME-Version: 1.0 In-Reply-To: <1440601524-30316-5-git-send-email-berrange@redhat.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="1qfR98bDn00sdG5UBQ8WBukQOjSk43Hjj" Subject: Re: [Qemu-devel] [PATCH v5 4/9] crypto: introduce new module for TLS anonymous credentials List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , qemu-devel@nongnu.org Cc: Paolo Bonzini , Gerd Hoffmann This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --1qfR98bDn00sdG5UBQ8WBukQOjSk43Hjj Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On 08/26/2015 09:05 AM, Daniel P. Berrange wrote: > Introduce a QCryptoTLSCredsAnon class which is used to > manage anonymous TLS credentials. Use of this class is > generally discouraged since it does not offer strong > security, but it is required for backwards compatibility > with the current VNC server implementation. >=20 > Simple example CLI configuration: >=20 > $QEMU -object tls-creds-anon,id=3Dtls0,endpoint=3Dserver >=20 > Example using pre-created diffie-hellman parameters >=20 > $QEMU -object tls-creds-anon,id=3Dtls0,endpoint=3Dserver,\ > dir=3D/path/to/creds/dir >=20 > The 'id' value in the -object args will be used to associate the > credentials with the network services. For example, when the VNC > server is later converted it would use >=20 > $QEMU -object tls-creds-anon,id=3Dtls0,.... \ > -vnc 127.0.0.1:1,tls-creds=3Dtls0 >=20 > Signed-off-by: Daniel P. Berrange > --- Reviewed-by: Eric Blake --=20 Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org --1qfR98bDn00sdG5UBQ8WBukQOjSk43Hjj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Public key at http://people.redhat.com/eblake/eblake.gpg Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCAAGBQJV3i4jAAoJEKeha0olJ0NqJOkIAKnMiln7Ywjik+32WIeYFOhQ BvYmQpCOHj1OWyjfixauMjiUR/KwqZadhSyiDX3CVZcLfIusvEAToUblUB0PqUYI FMQdUcPDJkRYyq8DgDMnmPQdGbNb6CmzmKfqOI2UVZozpFjn/f57PDr1UAHT0US9 FLuLluJQA2uwp7Q2bwnFsBokFGhIDovu/gXnrB8KAiUZPqmNKHokgh9NedpxipZs wr3qPuj1F64vhnN4IlgCqgqLQrIvWa0wGjJI8hqI8ktXADtPlAbh1SdLjMKnV/S7 qTFUrnDGSwMHT/f3wfrN5kdmS5/cc0qbObriGD20zjDWqum8yzS3Tr+t9kjxYt4= =iDc2 -----END PGP SIGNATURE----- --1qfR98bDn00sdG5UBQ8WBukQOjSk43Hjj--