On 08/24/2015 08:14 AM, Daniel P. Berrange wrote:
> Introduce a QCryptoTLSCredsAnon class which is used to
> manage anonymous TLS credentials. Use of this class is
> generally discouraged since it does not offer strong
> security, but it is required for backwards compatibility
> with the current VNC server implementation.
>
> Simple example CLI configuration:
>
>  $QEMU -object tls-creds-anon,id=tls0,endpoint=server
>
> Example using pre-created diffie-hellman parameters
>
>  $QEMU -object tls-creds-anon,id=tls0,endpoint=server,\
>        dir=/path/to/creds/dir
>
> The 'id' value in the -object args will be used to associate the
> credentials with the network services. For eample, when the VNC
s/eample/example/ > server is later converted it would use > > $QEMU -object tls-creds-anon,id=tls0,.... \ > -vnc 127.0.0.1:1,tls-creds=tls0 > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > +++ b/crypto/init.c > @@ -20,6 +20,7 @@ > > #include "crypto/init.h" > #include "crypto/tlscreds.h" > +#include "crypto/tlscredsanon.h" > #include "qemu/thread.h" > > #ifdef CONFIG_GNUTLS > @@ -144,6 +145,7 @@ int qcrypto_init(Error **errp) > * clever enough to see the constructor :-( > */ > qcrypto_tls_creds_dummy(); > + qcrypto_tls_creds_anon_dummy(); Are there any gcc hacks such as adding __attribute__((used)) that might help? > +++ b/crypto/tlscredsanon.c > @@ -0,0 +1,235 @@ > +/* #define QCRYPTO_DEBUG */ > + > +#ifdef QCRYPTO_DEBUG > +#define DPRINTF(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while > (0) > +#else > +#define DPRINTF(fmt, ...) do { } while (0) > +#endif Again, please rework this to avoid bitrot when debug is off (I'll quit pointing it out, but suspect it to be a common problem in this series) -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
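Review bot: In the qcrypto_init() hunk of crypto/init.c, the added qcrypto_tls_creds_anon_dummy() call extends a pattern in which every credential type has to be referenced by hand, and nothing in the visible lines would flag a forgotten call at build time. Extend the existing comment above qcrypto_tls_creds_dummy() to say that each new tlscreds type needs its own dummy call here, so the requirement is documented where the next contributor will look.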
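Review bot: In the crypto/tlscredsanon.c hunk, the non-debug DPRINTF expands to `do { } while (0)`, so with QCRYPTO_DEBUG undefined the compiler never sees the format string or its arguments, and a stale or mismatched argument in a debug statement goes unnoticed until someone enables debugging. Define the macro once so the fprintf is always compiled and only the condition changes, for example `do { if (QCRYPTO_DEBUG_ENABLED) { fprintf(stderr, fmt, ## __VA_ARGS__); } } while (0)`, where QCRYPTO_DEBUG_ENABLED (a name assumed here) is set to 0 or 1 by the #ifdef.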