[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 3/3] ui: fix VNC websockets TLS integration
From: |
Gerd Hoffmann |
Subject: |
Re: [Qemu-devel] [PATCH 3/3] ui: fix VNC websockets TLS integration |
Date: |
Tue, 17 Mar 2015 11:54:33 +0100 |
On Di, 2015-03-17 at 10:33 +0000, Daniel P. Berrange wrote:
> On Tue, Mar 17, 2015 at 08:36:40AM +0100, Gerd Hoffmann wrote:
> > Hi,
> >
> > > - Separate VNC auth scheme is tracked for websockets server,
> > > since it makes no sense to try to use VeNCrypt over a TLS
> > > enabled websockets connection.
> >
> > Hmm. That is a problem for the QAPI, the auth scheme is linked to the
> > vnc server not the socket.
>
> It seems straightforward enough to just do this:
>
> diff --git a/qapi-schema.json b/qapi-schema.json
> index d7c3eec..3362956 100644
> --- a/qapi-schema.json
> +++ b/qapi-schema.json
> @@ -808,6 +808,7 @@
> 'clients' : ['VncClientInfo'],
> 'auth' : 'VncPrimaryAuth',
> '*vencrypt' : 'VncVencryptSubAuth',
> + '*ws-auth' : 'VncPrimaryAuth',
> '*display' : 'str' } }
>
> And document that 'ws-auth' is used if server->websocket == true
When doing it this way we probably want add '*ws-tls' : 'bool' too.
I'm fine either way (adding both or -- given the fixed scheme mapping we
have -- none). Pick whatever suits libvirt best.
cheers,
Gerd
[Qemu-devel] [PATCH 2/3] ui: replace printf() calls with VNC_DEBUG, Daniel P. Berrange, 2015/03/16
[Qemu-devel] [PATCH 1/3] ui: remove unused 'wiremode' variable in VncState struct, Daniel P. Berrange, 2015/03/16