On Mon, Jan 22, 2007 at 02:46:11PM +0000, Mark McLoughlin wrote:
Now updated at:
http://people.redhat.com/berrange/libvirt/libvirt-qemu-daemon-2.patch
http://people.redhat.com/berrange/libvirt/libvirt-qemu-driver-2.patch
The major changes in these two patches since the previous time are:
 - Client and server now use TLS on TCP sockets (UNIX sockets are plain)
 - Client must have 4 files in current working dir
     - ca-cert.pem - CA certificate
     - ca-crl.pem - CA revocation list
     - cert.pem - client's certificate
     - key.pem - client's secret key
   This should change in future once we decide on how to handle these.
 - Server can enable TLS support via command line args:
     libvirt_qemud -l local --tls --tls-cert cert.pem --tls-key key.pem \
         --tls-ca-cert ca-cert.pem --tls-ca-crl ca-crl.pem
 - The wire protocol uses fixed size types & requires network byte order
   on the wire.
 - Added a 'hello' message. When first connecting the client sends the max
   version number it supports & whether it supports clear mode & TLS mode.
   Server rejects clients with incompatible major, or picks maximum minor
   version supported by both client & server. If server requires TLS it
   will reject a client not advertising support of TLS mode.
   Upon completion of 'hello' request+reply, will do TLS handshake. If
   successful, then server will enable the rest of the protocol messages,
   otherwise it drops the client.
NB, there is bucket loads of printf() debugging in these patches since I was
still experimenting with the TLS stuff.
I simply removed -std=c99 and fixed up places I'd used C99 constructs, so should
no longer be needed
Not merged yet
Now unnecessary
Merged these two.
Merged these two.
When updating this you need two core changes:
- Change all 'int' to one of int32_t, uint32_t, int64_t, uint64_t
- Use 'qemud_wire_32' or 'qemud_wire_64' when reading or writing data
to the qemud_packet members.
Regards,
Dan.
--
|=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=|
|=- Perl modules: http://search.cpan.org/~danberr/ -=|
|=- Projects: http://freshmeat.net/~danielpb/ -=|
|=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|
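
The 'hello' negotiation and byte-order rules described in the message above, sketched as an added example; it is not code from the patches. The 12-byte layout, the flag values and all names are assumptions, as are treating any differing major as incompatible and preferring TLS when both sides offer it.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>

/* Hypothetical layout and names, not the patch's qemud_packet definitions. */
#define HELLO_MODE_CLEAR 0x1u
#define HELLO_MODE_TLS   0x2u
#define HELLO_WIRE_LEN   12   /* three uint32_t fields, network byte order */

enum hello_result { HELLO_OK = 0, HELLO_SHORT = -1, HELLO_BAD_MAJOR = -2,
                    HELLO_NEED_TLS = -3, HELLO_NO_COMMON_MODE = -4 };
struct hello { uint32_t major, minor, modes; };

/* Read one big-endian 32-bit field; memcpy avoids unaligned access. */
static uint32_t get32(const uint8_t *p) {
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return ntohl(v);
}

/* Client side: serialize the hello into exactly HELLO_WIRE_LEN bytes. */
void hello_encode(const struct hello *h, uint8_t out[HELLO_WIRE_LEN]) {
    uint32_t f[3] = { htonl(h->major), htonl(h->minor), htonl(h->modes) };
    memcpy(out, f, sizeof f);
}

/* Server side: validate the hello and choose the minor version to speak. */
int hello_negotiate(const uint8_t *wire, size_t len, const struct hello *srv,
                    int require_tls, uint32_t *minor_out, int *use_tls) {
    if (len < HELLO_WIRE_LEN)
        return HELLO_SHORT;              /* never parse a truncated packet */
    struct hello c = { get32(wire), get32(wire + 4), get32(wire + 8) };
    if (c.major != srv->major)           /* assumption: majors must match */
        return HELLO_BAD_MAJOR;
    if (require_tls && !(c.modes & HELLO_MODE_TLS))
        return HELLO_NEED_TLS;           /* no silent downgrade to clear */
    uint32_t common = c.modes & srv->modes;
    if (!common)
        return HELLO_NO_COMMON_MODE;
    *minor_out = c.minor < srv->minor ? c.minor : srv->minor;
    *use_tls = (common & HELLO_MODE_TLS) != 0;  /* assumption: prefer TLS */
    return HELLO_OK;
}

int main(void) {   /* constructed sample: client 1.5, server 1.3 */
    uint8_t wire[HELLO_WIRE_LEN]; uint32_t minor; int tls;
    struct hello cli = { 1, 5, HELLO_MODE_TLS }, srv = { 1, 3, HELLO_MODE_TLS };
    hello_encode(&cli, wire);
    return hello_negotiate(wire, sizeof wire, &srv, 1, &minor, &tls) != HELLO_OK;
}
```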