On Thu, Jun 16, 2016 at 06:42:26AM -0400, John Ferlan wrote:
When building a chardev device string for tcp, add the necessary pieces to
provide the TLS X.509 path to qemu. This includes generating the
'tls-creds-x509' object and then adding the 'tls-creds' parameter to the
VIR_DOMAIN_CHR_TYPE_TCP command line.
Finally add the tests for the qemu command line. This test will make use
of the "new(ish)" /etc/pki/libvirt-default setting for a TLS certificate
environment by *not* "resetting" the charTCPTLSx509certdir prior to
running the test.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu_command.c | 102 ++++++++++++++++++++-
.../qemuxml2argv-serial-tcp-tlsx509-chardev.args | 33 +++++++
tests/qemuxml2argvtest.c | 6 ++
3 files changed, 140 insertions(+), 1 deletion(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-serial-tcp-tlsx509-chardev.args
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 4a8def1..815785c 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -701,6 +701,97 @@ qemuBuildRBDSecinfoURI(virBufferPtr buf,
}
+/* qemuBuildTLSx509BackendProps:
+ * @tlspath: path to the TLS credentials
+ * @listen: boolen listen for client or server setting
+ * @qemuCaps: capabilities
+ * @propsret: json properties to return
+ *
+ * Create a backend string for the tls-creds-x509 object.
+ *
+ * Returns 0 on success, -1 on failure with error set.
+ */
+static int
+qemuBuildTLSx509BackendProps(const char *tlspath,
+ bool listen,
+ virQEMUCapsPtr qemuCaps,
+ virJSONValuePtr *propsret)
+{
+ virBuffer buf = VIR_BUFFER_INITIALIZER;
+ char *path = NULL;
+ int ret = -1;
+
+ if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("tls-creds-x509 not supported in this QEMU
binary"));
+ return -1;
+ }
+
+ qemuBufferEscapeComma(&buf, tlspath);
+ if (virBufferCheckError(&buf) < 0)
+ goto cleanup;
+ path = virBufferContentAndReset(&buf);
+
+ if (virJSONValueObjectCreate(propsret,
+ "s:dir", path,
+ "s:endpoint", (listen ? "server":
"client"),
We should also have the ability to set 'verify-peer' to yes/no.
Regards,
Daniel