[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v5 3/9] crypto: introduce new base module for TL
|
From: |
Eric Blake |
|
Subject: |
Re: [Qemu-devel] [PATCH v5 3/9] crypto: introduce new base module for TLS credentials |
|
Date: |
Wed, 26 Aug 2015 10:56:07 -0600 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 |
On 08/26/2015 09:05 AM, Daniel P. Berrange wrote:
> Introduce a QCryptoTLSCreds class to act as the base class for
> storing TLS credentials. This will be later subclassed to provide
> handling of anonymous and x509 credential types. The subclasses
> will be user creatable objects, so instances can be created &
> deleted via 'object-add' and 'object-del' QMP commands respectively,
> or via the -object command line arg.
>
> If the credentials cannot be initialized an error will be reported
> as a QMP reply, or on stderr respectively.
>
> The idea is to make it possible to represent and manage TLS
> credentials independently of the network service that is using
> them. This will enable multiple services to use the same set of
> credentials and minimize code duplication. A later patch will
> convert the current VNC server TLS code over to use this object.
>
> The representation of credentials will be functionally equivalent
> to that currently implemented in the VNC server with one exception.
> The new code has the ability to (optionally) load a pre-generated
> set of diffie-hellman parameters, if the file dh-params.pem exists,
> whereas the current VNC server will always generate them on startup.
> This is beneficial for admins who wish to avoid the (small) time
> sink of generating DH parameters at startup and/or avoid depleting
> entropy.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> +++ b/qapi/crypto.json
> @@ -0,0 +1,20 @@
> +# -*- Mode: Python -*-
> +#
> +# QAPI crypto definitions
> +
> +##
> +# QCryptoTLSCredsEndpoint:
> +#
> +# The type of network endpoint that will be using the credentials.
> +# Most types of credential require different setup / structures
> +# depending on whether they will be used in a server vs a client.
I'm not sure if 'vs.' is more common than 'vs' when abbreviating
'versus'; or you could skip the debate by s/vs/or/
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
- [Qemu-devel] [PATCH v5 0/9] Extract TLS handling code from VNC server, Daniel P. Berrange, 2015/08/26
- [Qemu-devel] [PATCH v5 2/9] make: ensure all members of libqemuutil.a are linked, Daniel P. Berrange, 2015/08/26
- [Qemu-devel] [PATCH v5 3/9] crypto: introduce new base module for TLS credentials, Daniel P. Berrange, 2015/08/26
- Re: [Qemu-devel] [PATCH v5 3/9] crypto: introduce new base module for TLS credentials,
Eric Blake <=
- [Qemu-devel] [PATCH v5 1/9] qapi: allow override of default enum prefix naming, Daniel P. Berrange, 2015/08/26
- [Qemu-devel] [PATCH v5 5/9] crypto: introduce new module for TLS x509 credentials, Daniel P. Berrange, 2015/08/26
- [Qemu-devel] [PATCH v5 8/9] ui: fix return type for VNC I/O functions to be ssize_t, Daniel P. Berrange, 2015/08/26
- [Qemu-devel] [PATCH v5 4/9] crypto: introduce new module for TLS anonymous credentials, Daniel P. Berrange, 2015/08/26
- [Qemu-devel] [PATCH v5 7/9] crypto: introduce new module for handling TLS sessions, Daniel P. Berrange, 2015/08/26