On 11/24/2015 08:02 AM, Daniel P. Berrange wrote: > Make use of the QCryptoSecret object to support loading of > encrypted x509 keys. The optional 'passwordid' parameter > to the tls-creds-x509 object type, provides the ID of a > secret object instance that holds the decryption password > for the PEM file. > > # printf "123456" > mypasswd.txt > # $QEMU \ > -object secret,id=sec0,filename=mypasswd.txt \ > -object tls-creds-x509,passwordid=sec0,id=creds0,\ > dir=/home/berrange/.pki/qemu,endpoint=server \ > -vnc :1,tls-creds=creds0 > > This requires QEMU to be linked to GNUTLS >= 3.1.11. If > GNUTLS is too old an error will be reported if an attempt > is made to pass a decryption password. > > Signed-off-by: Daniel P. Berrange <berra...@redhat.com> > --- > crypto/tlscredsx509.c | 47 > +++++++++++++++++++++++++++++++++++++++++++ > include/crypto/tlscredsx509.h | 1 + > qemu-options.hx | 8 +++++++- > 3 files changed, 55 insertions(+), 1 deletion(-)
Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
