[libvirt] [PATCH v4 04/10] qemu: Update the TLS client verify descriptions for vnc and chardev
Update the descriptions to match the migrate option.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/qemu/qemu.conf | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index a609aa4..e6c0832 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -90,10 +90,12 @@
# an encrypted channel.
#
# It is possible to use x509 certificates for authentication too, by
-# issuing a x509 certificate to every client who needs to connect.
+# issuing an x509 certificate to every client who needs to connect.
#
-# Enabling this option will reject any client who does not have a
-# certificate signed by the CA in /etc/pki/libvirt-vnc/ca-cert.pem
+# Enabling this option will reject any client that does not have a
+# ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir
+# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
+# files described in default_tls_x509_cert_dir.
#
# If this option is not supplied, it will be set to the value of
# "default_tls_x509_verify".
@@ -225,10 +227,15 @@
# an encrypted channel.
#
# It is possible to use x509 certificates for authentication too, by
-# issuing a x509 certificate to every client who needs to connect.
+# issuing an x509 certificate to every client who needs to connect.
#
-# Enabling this option will reject any client who does not have a
-# certificate signed by the CA in /etc/pki/libvirt-chardev/ca-cert.pem
+# Enabling this option will reject any client that does not have a
+# ca-cert.pem certificate signed by the CA in the chardev_tls_x509_cert_dir
+# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
+# files described in default_tls_x509_cert_dir.
+#
+# If this option is not supplied, it will be set to the value of
+# "default_tls_x509_verify".
#
#chardev_tls_x509_verify = 1
--
2.9.3