On 28/01/2011, at 1:08 AM, Osier Yang wrote:
* docs/remote.html.in
---
docs/remote.html.in | 29 +++++++++++++++++++++++++++++
1 files changed, 29 insertions(+), 0 deletions(-)
diff --git a/docs/remote.html.in b/docs/remote.html.in
index b0fdb7c..51afa07 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -308,6 +308,21 @@ Note that parameter values must be
<td colspan="2"/>
<td> Example: <code>no_tty=1</code> </td>
</tr>
+ <tr>
+ <td>
+ <code>pkipath</code>
+ </td>
+ <td> tls</td>
+ <td>
+ Specifies x509 certificates path for the client. if any of the
+ CA certificate, client certificate, and client key is missing,
+ the connection will fail with a fatal error.
Not sure if this is an emailer problem or something, but the indentation
of the text isn't correct. It needs to be two spaces in from the opening
tag. i.e:
<td> <-- lets say this starts at 2 spaces in
Specified x509 certificates path... <--- so this would start 4 spaces in
</td> <-- starts 2 spaces in again
+ </td>
+ </tr>
+ <tr>
+ <td colspan="2"/>
+ <td> Example: <code>pkipath=/tmp/pki/client</code>
</td>
+ </tr>
</table>
<h3>
<a name="Remote_certificates">Generating TLS
certificates</a>
@@ -372,6 +387,20 @@ next section.
</td>
</tr>
</table>
+ <p>
+If 'pkipath' is specified in URI, then all the client certificates must
+be found in the path specified, otherwise the connection will fail with
+a fatal error. If 'pkipath' is not specified:
Same here.
+ </p>
+ <ul>
+ <li> For a non-root user, libvirt tries to find the certificates
+in $HOME/.pki/libvirt. If any of the required certificates can not be
+found, then the global default locations (/etc/pki/CA/cacert.pem,
+/etc/pki/libvirt/private/clientkey, /etc/pki/libvirt/clientcert.pem) will
+be used.
And here.
+ </li>
+ <li> For the root user, the global default locations will be
used.</li>
+ </ul>
<h4>
<a name="Remote_TLS_background">Background to TLS
certificates</a>
</h4>
ACK, with the indentation bits fixed. :)