From: Eric Blake
Message-ID: <574710C1.6070705@redhat.com>
Date: Thu, 26 May 2016 09:05:37 -0600
In-Reply-To: <69ef1f36b0f882fc5ba9491fb272fa5f83ac1d3d.1464242913.git.amit.shah@redhat.com>
Subject: Re: [Qemu-devel] [PULL 25/28] migration: define 'tls-creds' and 'tls-hostname' migration parameters
To: Amit Shah, Peter Maydell
Cc: qemu list, "Dr. David Alan Gilbert", Juan Quintela

On 05/26/2016 12:12 AM, Amit Shah wrote:
> From: "Daniel P. Berrange"
>
> Define two new migration parameters to be used with TLS encryption.
> The 'tls-creds' parameter provides the ID of an instance of the
> 'tls-creds' object type, or rather a subclass such as 'tls-creds-x509'.
> Providing these credentials will enable use of TLS on the migration
> data stream.
>
> +++ b/qapi-schema.json > +# @tls-hostname: hostname of the target host for the migration. This i= s > +# required when using x509 based TLS credentials and th= e > +# migration URI does not already include a hostname. Fo= r > +# example if using fd: or exec: based migration, the > +# hostname must be provided so that the server's x509 > +# certificate identity canbe validated. (Since 2.7) s/canbe/can be/ > +# > +# @tls-hostname: hostname of the target host for the migration. This i= s > +# required when using x509 based TLS credentials and th= e > +# migration URI does not already include a hostname. Fo= r > +# example if using fd: or exec: based migration, the > +# hostname must be provided so that the server's x509 > +# certificate identity canbe validated. (Since 2.7) and again 
> @@ -667,6 +702,21 @@ > # auto-converge detects that migration is not= making > # progress. The default value is 10. (Since 2= =2E7) > # > +# @tls-creds: ID of the 'tls-creds' object that provides credentials f= or > +# establishing a TLS connection over the migration data ch= annel. > +# On the outgoing side of the migration, the credentials m= ust > +# be for a 'client' endpoint, while for the incoming side = the > +# credentials must be for a 'server' endpoint. Setting thi= s > +# will enable TLS for all migrations. The default is unset= , > +# resulting in unsecured migration at the QEMU level. (Sin= ce 2.6) Missed a swap to call out 2.7 > +# > +# @tls-hostname: hostname of the target host for the migration. This i= s > +# required when using x509 based TLS credentials and th= e > +# migration URI does not already include a hostname. Fo= r > +# example if using fd: or exec: based migration, the > +# hostname must be provided so that the server's x509 > +# certificate identity canbe validated. (Since 2.6) can be, 2.7

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
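
Review bot: In the @@ -667,6 +702,21 @@ hunk, the @tls-creds comment requires 'client' credentials on the outgoing side and 'server' credentials on the incoming side, but it does not say what happens when the ID names no existing object or an object created for the other endpoint. Please state whether that is rejected when the parameter is set or only when the migration starts. It would also help to say how a value, once set, is returned to the unset default, since "Setting this will enable TLS for all migrations" and unset means "unsecured migration at the QEMU level".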
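
Review bot: The @tls-hostname comment in qapi-schema.json, in each place it is repeated, says the value is required when the migration URI has no hostname, but leaves two cases undocumented. First, when the URI does include a hostname and tls-hostname is also set, which of the two is used to validate the server's x509 certificate identity? Second, when x509 credentials are used with fd: or exec: and tls-hostname is not provided, does the migration fail, or does it proceed without the identity check? Please spell out both so callers do not have to infer whether validation can be silently skipped. Since the same paragraph is carried in several comment blocks, the wording and the "(Since ...)" tag should be kept identical across them.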