Home
last modified time | relevance | path

Searched hist:"3 e305e4a4752f70c0b5c3cf5b43ec957881714f7" (Results 1 – 8 of 8) sorted by relevance

/openbmc/qemu/ui/
H A Dvnc-ws.hdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc-auth-vencrypt.cdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc-ws.cdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc-auth-sasl.cdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc.hdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dvnc.cdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
/openbmc/qemu/
H A Dconfigurediff 9f503153c78a23bcd44409cea64442c4ecd82ea5 Tue Nov 03 05:34:31 CST 2015 Daniel P. Berrange <berrange@redhat.com> configure: remove help string for 'vnc-tls' option

The '--enable-vnc-tls' option to configure was removed in

commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7
Author: Daniel P. Berrange <berrange@redhat.com>
Date: Thu Aug 6 14:39:32 2015 +0100

ui: convert VNC server to use QCryptoTLSSession

This removes the corresponding help string.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
H A Dqemu-options.hxdiff 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Thu Aug 06 08:39:32 CDT 2015 Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession

Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

-vnc hostname:0,tls

New syntax:

-object tls-creds-anon,id=tls0,endpoint=server \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

-vnc hostname:0,tls,x509=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
-vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

-vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

-object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
-vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>