On 11/13/20 9:01 AM, Peter Krempa wrote:
The migration stream connection and also the NBD server for
non-shared
storage migration don't have any other form of client authentication on
top of the TLS transport, so the only way to authenticate clients is to
verify their certificate.
Enable this option by defauilt when both 'migrate_tls_x509_verify' and
'default_tls_x509_verify' were not configured.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1879477
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/qemu/qemu.conf | 3 ++-
src/qemu/qemu_conf.c | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 8a1a50d664..d621dad53b 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -385,7 +385,8 @@
# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir).
#
# If this option is not supplied, it will be set to the value of
-# "default_tls_x509_verify".
+# "default_tls_x509_verify". If "default_tls_x509_verify" is not
supplied
+# either the default is "1".
s/either/either,/
Reviewed-by: Eric Blake <eblake(a)redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization:
qemu.org |
libvirt.org