From: Paolo Bonzini <pbonzini@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server
Date: Tue, 8 Sep 2015 12:04:11 +0200 [thread overview]
Message-ID: <55EEB29B.6090108@redhat.com> (raw)
In-Reply-To: <1441192690-15413-1-git-send-email-berrange@redhat.com>
On 02/09/2015 13:17, Daniel P. Berrange wrote:
> This small patch series is a formal submission of another part
> of my previous series
>
> v1: https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
> v2: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01267.html
> v3: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01386.html
> v4: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02655.html
> v5: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03159.html
>
> Now we have the basic crypto module defined for hash/cipher APIs,
> we extend it to also cover TLS credential and TLS session handling
> APIs. These new TLS related APIs obsolete the vast majority of the
> TLS handling code in the current VNC server. As a result the VNC
> server no longer has to worry about conditional compilation for
> GNUTLS. It also gives us code reuse for future patches which intend
> to add TLS support to chardevs, migration, nbd, etc.
>
> This series deprecates the existing way of configuring TLS for
> VNC on the command line, but maintains support for back-compat
> reasons.
>
> Since the TLS code is now totally isolated from the VNC server it
> is also practical to provide significant unit test coverage of what
> is security critical code.
>
> Aside from the new CLI syntax for configuring TLS with VNC, the
> only other functional change is to allow diffie-hellman params
> to be loaded from a file, instead of being generated at startup.
>
> Changes in v6:
>
> - Remove use of -Wl,--whole-archive added in v5 since it
> bloated the binary sizes too much
> - Move crypto code out of libqemuutil.a to allow linking
> with QOM without problem of linker dropping objects only
> referenced via constructors
> - Allow tools to link to QOM objects
> - Remove repetition in unit test object deps
> - Remove trailing '.' from error messages in TLS code
> - Remove leading '_' from struct name in TLS session
> - Fix leak of TLS credentials in cert checking error path
> - Added docs for enhancement to enum code generator
> - Misc docs typos & indentation fixes
> - Add more sanity checking to enum code generator
> - Add tests to cover enum code generator enhancement
> - Fix dereference of Error **errp variables
> - Fix overwriting of already set Error * variable in tests
> - Use CHAR_BIT constant in sasl code
> - Fix incorrect return status in VNC TLS code errorpath
I think the patches are great, and I'm not sure if anyone is in a better
position than you to decide if they're ready. I don't even know if
anyone really understands the VNC TLS code and thus can review patch 11.
:) So I would just ask you to send a pull request.
Paolo
next prev parent reply other threads:[~2015-09-08 10:04 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-09-02 11:17 [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 01/11] qapi: allow override of default enum prefix naming Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 02/11] tests: remove repetition in unit test object deps Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 03/11] crypto: move crypto objects out of libqemuutil.la Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 04/11] qom: allow QOM to be linked into tools binaries Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 05/11] crypto: introduce new base module for TLS credentials Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 06/11] crypto: introduce new module for TLS anonymous credentials Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 07/11] crypto: introduce new module for TLS x509 credentials Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 08/11] crypto: add sanity checking of " Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 09/11] crypto: introduce new module for handling TLS sessions Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 10/11] ui: fix return type for VNC I/O functions to be ssize_t Daniel P. Berrange
2015-09-02 11:18 ` [Qemu-devel] [PATCH v6 11/11] ui: convert VNC server to use QCryptoTLSSession Daniel P. Berrange
2015-09-08 10:04 ` Paolo Bonzini [this message]
2015-09-08 11:24 ` [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server Gerd Hoffmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55EEB29B.6090108@redhat.com \
--to=pbonzini@redhat.com \
--cc=berrange@redhat.com \
--cc=kraxel@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).