On Wed, Feb 15, 2012 at 09:59:57AM -0500, Dave Allan wrote:
On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote:
On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
Meta-question - if the XML requests secure, but TLS is disabled, should we instead be failing to start the domain with a complaint that we can't honor the XML?
Meta-non-answer, when a TLS port is set but TLS is disabled in the config file, it's silently ignored:
What value does allowing TLS configuration in qemu.conf add? That seems wrong to me because it creates the possibility of the kind of ambiguity discovered here. Shouldn't the domain XML be the only required statement of the user's intent?
It enables you to turn on TLS for all guests, regardless of the domain XML configuration, which is a desirable policy control knob for a host level administrator to have. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|