On 11/01/2011, at 1:51 AM, Matthias Bolte wrote:
The readme suggests (at least to me) that the TLS certs for
libvirt's
TLS transport and the ESX driver using HTTPS are the same:
"TLS certificates are needed prior to connecting to either
QEMU instances with TLS, or connecting to VMware
ESX/vSphere."
Yes, the ESX driver (actually libcurl) needs to know the cacert.pem
for the key that signed the HTTPS certificate in order to verify the
server's certificate. That's what you can disable using the
no_verify=1 query parameter. But HTTPS doesn't do mutual verification
as libvirt's TLS transport does. There is no clientcert/key.pem
involved in HTTPS.
Just chucked a new revision of the 0.8.7 installer on the web:
http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-2.exe
This one clarifies the TLS usage a bit, pretty much pointing people
to the ESX page on the main website for ESX details.
It also makes the update of the system path optional. The way the
option is constructed leaves a bit to be desired, but is functional.
I would have preferred a checkbox that was separate from the other
components, but it didn't seem possible without spending a substantial
amount of time learning inner NSIS bits. (ugh)
Submitted an update for the Windows page to point to it, so if/when
that gets ACK'd it'll be available to more people. Will send an announce
email to the various mailing lists too.
Another thing is that the installer adds the bin directory to the
path
unconditionally. I'd suggest to ask to let the user choose this, for
example like the msysGit InnoSetup-based installer does.
InnoSetup (
http://www.jrsoftware.org/isinfo.php for anyone interested)
looks more capable than NSIS, and seems to still be actively updated.
NSIS's seems to have pretty much died. I'm still thinking WiX or something
would be the better option for the longer term though.
+ Justin