https://bugzilla.redhat.com/show_bug.cgi?id=1458630 Apparantly commit id 'dc4c2f75a' wasn't specific enough, so here's a few more clarifications. Signed-off-by: John Ferlan <jferlan(a)redhat.com&gt; --- src/qemu/qemu.conf | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 2e8370a5a8..6ec893ac1f 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -13,8 +13,9 @@ # # dh-params.pem - the DH params configuration file # -# If the directory does not exist or contain the necessary files, QEMU -# domains will fail to start if they are configured to use TLS. +# If the directory does not exist, libvirtd will fail to start. If the +# directory doesn't contain the necessary files, QEMU domains will fail +# to start if they are configured to use TLS. # # In order to overwrite the default path alter the following. This path # definition will be used as the default path for other *_tls_x509_cert_dir @@ -87,8 +88,9 @@ # In order to override the default TLS certificate location for # vnc certificates, supply a valid path to the certificate directory. -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vnc_tls = 1, then the +# default_tls_x509_cert_dir path will be used. # #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc" @@ -172,8 +174,9 @@ # In order to override the default TLS certificate location for # spice certificates, supply a valid path to the certificate directory. -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but spice_tls = 1, then the +# default_tls_x509_cert_dir path will be used. # #spice_tls_x509_cert_dir = "/etc/pki/libvirt-spice" @@ -224,8 +227,9 @@ # In order to override the default TLS certificate location for character # device TCP certificates, supply a valid path to the certificate directory. -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but chardev_tls = 1, then the +# default_tls_x509_cert_dir path will be used. # #chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev" @@ -276,8 +280,9 @@ # This is used to authenticate the VxHS block device clients to the VxHS # server. # -# If the provided path does not exist then the default_tls_x509_cert_dir -# path will be used. +# If the provided path does not exist, libvirtd will fail to start. +# If the path is not provided, but vxhs_tls = 1, then the +# default_tls_x509_cert_dir path will be used. # # VxHS block device clients expect the client certificate and key to be # present in the certificate directory along with the CA master certificate. @@ -294,7 +299,8 @@ # In order to override the default TLS certificate location for migration # certificates, supply a valid path to the certificate directory. If the -# provided path does not exist then the default_tls_x509_cert_dir path +# provided path does not exist, libvirtd will fail to start. If the path is +# not provided, but migrate_tls = 1, then the default_tls_x509_cert_dir path # will be used. Once/if a default certificate is enabled/defined, migration # will then be able to use the certificate via migration API flags. # -- 2.13.6