[...]
>>>
>>> static int
>>> +qemuDomainAddDiskSrcTLSObject(virQEMUDriverPtr driver,
>>> + virDomainObjPtr vm,
>>> + virStorageSourcePtr src,
>>> + const char *srcalias)
>>> +{
>>> + int ret = -1;
>>> + qemuDomainObjPrivatePtr priv = vm->privateData;
>>> + virJSONValuePtr tlsProps = NULL;
>>> +
>>> + /* NB: Initial implementation doesn't require/use a secret to
decrypt
>>> + * a server certificate, so there's no need to manage a tlsSecAlias
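Review bot: the NB comment at the top of qemuDomainAddDiskSrcTLSObject talks about decrypting a server certificate, but this helper builds the TLS object for a disk source, which is the client end of the connection. Word the comment in terms of the client credentials, or drop it if it is only a reminder for later work. The visible part of the function also has no header comment; a short one saying what srcalias names and that the function returns -1 on failure (ret starts at -1) would help callers.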
>>
>> client certificate
>>
>
> No, it's the server certificate (server-key.pem) that needs the secret in
> order to be decrypted.
I think both can be encrypted. What I wanted to point out is that it
does not make sense to refer to the server certificate in terms of disks
since they are clients only.
True - I'll just the whole paragraph. It's one of those traces I leave
in code comments for later on...
John