On Tue, Mar 03, 2009 at 08:50:54AM +0000, Daniel P. Berrange wrote:
On Tue, Mar 03, 2009 at 09:13:14AM +0100, Chris Lalancette wrote:
> All,
> While doing testing on TLS, I came across the mention of
> "tls_allowed_ip_list" in the website documentation, here:
>
> http://libvirt.org/remote.html#Remote_libvirtd_configuration
>
> However, I don't see any implementation of the tls_allowed_ip_list in libvirt
> itself; a grep through the sources shows that we are implementing
> "tls_allowed_dn_list", but not "tls_allowed_ip_list". Am I missing something in
> the sources? Should we update the libvirt.org documentation and remove that
> (seemingly non-existent) parameter? Or should I go in and implement the
> "tls_allowed_ip_list"?

That functionality was removed because it is utterly worthless as an
access control feature, and if you want to block rogue IP (ranges) you
can do it in iptables far more efficiently & flexibly anyway. The
docs just need to be removed

Okay, even simpler, I will do it before the release!

Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit