Home
last modified time | relevance | path

Searched hist:"3 e305e4a4752f70c0b5c3cf5b43ec957881714f7" (Results 1 – 8 of 8) sorted by relevance

/qemu/ui/
H A Dvnc-ws.h3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc-auth-vencrypt.c3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc-ws.c3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc-auth-sasl.c3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc.h3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc.c3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
/qemu/
H A Dconfigure9f503153c78a23bcd44409cea64442c4ecd82ea5 Tue Nov 03 11:34:31 UTC 2015 Daniel P. Berrange <berrange@redhat.com> configure: remove help string for 'vnc-tls' option

The '--enable-vnc-tls' option to configure was removed in

commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu Aug 6 14:39:32 2015 +0100

ui: convert VNC server to use QCryptoTLSSession

This removes the corresponding help string.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dqemu-options.hx3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 13:39:32 UTC 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>