On 08/26/2015 09:05 AM, Daniel P. Berrange wrote:
> Introduce a QCryptoTLSCreds class to act as the base class for
> storing TLS credentials. This will be later subclassed to provide
> handling of anonymous and x509 credential types. The subclasses
> will be user creatable objects, so instances can be created &
> deleted via 'object-add' and 'object-del' QMP commands respectively,
> or via the -object command line arg.
>
> If the credentials cannot be initialized an error will be reported
> as a QMP reply, or on stderr respectively.
>
> The idea is to make it possible to represent and manage TLS
> credentials independently of the network service that is using
> them. This will enable multiple services to use the same set of
> credentials and minimize code duplication. A later patch will
> convert the current VNC server TLS code over to use this object.
>
> The representation of credentials will be functionally equivalent
> to that currently implemented in the VNC server with one exception.
> The new code has the ability to (optionally) load a pre-generated
> set of diffie-hellman parameters, if the file dh-params.pem exists,
> whereas the current VNC server will always generate them on startup.
> This is beneficial for admins who wish to avoid the (small) time
> sink of generating DH parameters at startup and/or avoid depleting
> entropy.
>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
> +++ b/qapi/crypto.json > @@ -0,0 +1,20 @@ > +# -*- Mode: Python -*- > +# > +# QAPI crypto definitions > + > +## > +# QCryptoTLSCredsEndpoint: > +# > +# The type of network endpoint that will be using the credentials. > +# Most types of credential require different setup / structures > +# depending on whether they will be used in a server vs a client.

I'm not sure if 'vs.' is more common than 'vs' when abbreviating 'versus'; or you could skip the debate by s/vs/or/

Reviewed-by: Eric Blake <ebl...@redhat.com>

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
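Review bot: In the QCryptoTLSCredsEndpoint doc comment, "Most types of credential require different setup / structures" does not say which credential types are the exception, so a reader cannot tell when the endpoint choice matters. The commit message names anonymous and x509 as the planned subclasses, so the comment could state which of those differ between server and client use, or drop "Most" if every type does. The quoted part of the hunk stops before the enum values, so how each value is documented cannot be judged from what is shown here.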