[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v4 2/7] crypto: introduce new module for TLS ano
|
From: |
Daniel P. Berrange |
|
Subject: |
Re: [Qemu-devel] [PATCH v4 2/7] crypto: introduce new module for TLS anonymous credentials |
|
Date: |
Wed, 26 Aug 2015 15:49:46 +0100 |
|
User-agent: |
Mutt/1.5.23 (2014-03-12) |
On Mon, Aug 24, 2015 at 02:46:30PM -0600, Eric Blake wrote:
> On 08/24/2015 08:14 AM, Daniel P. Berrange wrote:
> > Introduce a QCryptoTLSCredsAnon class which is used to
> > manage anonymous TLS credentials. Use of this class is
> > generally discouraged since it does not offer strong
> > security, but it is required for backwards compatibility
> > with the current VNC server implementation.
> >
> > Simple example CLI configuration:
> >
> > $QEMU -object tls-creds-anon,id=tls0,endpoint=server
> >
> > Example using pre-created diffie-hellman parameters
> >
> > $QEMU -object tls-creds-anon,id=tls0,endpoint=server,\
> > dir=/path/to/creds/dir
> >
> > The 'id' value in the -object args will be used to associate the
> > credentials with the network services. For eample, when the VNC
>
> s/eample/example/
>
> > server is later converted it would use
> >
> > $QEMU -object tls-creds-anon,id=tls0,.... \
> > -vnc 127.0.0.1:1,tls-creds=tls0
> >
> > Signed-off-by: Daniel P. Berrange <address@hidden>
> > ---
>
> > +++ b/crypto/init.c
> > @@ -20,6 +20,7 @@
> >
> > #include "crypto/init.h"
> > #include "crypto/tlscreds.h"
> > +#include "crypto/tlscredsanon.h"
> > #include "qemu/thread.h"
> >
> > #ifdef CONFIG_GNUTLS
> > @@ -144,6 +145,7 @@ int qcrypto_init(Error **errp)
> > * clever enough to see the constructor :-(
> > */
> > qcrypto_tls_creds_dummy();
> > + qcrypto_tls_creds_anon_dummy();
>
> Are there any gcc hacks such as adding __attribute__((used)) that might
> help?
I finally figured out that we can use -Wl,--whole-archive when
linking to libqemuutil.a to fix this properly.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
- [Qemu-devel] [PATCH v4 0/7] Extract TLS handling code from VNC server, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 2/7] crypto: introduce new module for TLS anonymous credentials, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 1/7] crypto: introduce new base module for TLS credentials, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 3/7] crypto: introduce new module for TLS x509 credentials, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 7/7] ui: convert VNC server to use QCryptoTLSSession, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 6/7] ui: fix return type for VNC I/O functions to be ssize_t, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 5/7] crypto: introduce new module for handling TLS sessions, Daniel P. Berrange, 2015/08/24
- [Qemu-devel] [PATCH v4 4/7] crypto: add sanity checking of TLS x509 credentials, Daniel P. Berrange, 2015/08/24