[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tl
From: |
Eric Blake |
Subject: |
Re: [Qemu-devel] [PATCH for 2.9] migration: use "" as the default for tls-creds/hostname |
Date: |
Wed, 15 Mar 2017 13:44:46 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 |
On 03/15/2017 11:16 AM, Daniel P. Berrange wrote:
> The tls-creds parameter has a default value of NULL indicating
> that TLS should not be used. Setting it to non-NULL enables
> use of TLS. Once tls-creds are set to a non-NULL value via the
> monitor, it isn't possible to set them back to NULL again, due
> to current implementation limitations. The empty string is not
> a valid QObject identifier, so this switches to use "" as the
> default, indicating that TLS will not be used
>
> The tls-hostname parameter has a default value of NULL indicating
> the the hostname from the migrate connection URI should be used.
> Again, once tls-hostname is set non-NULL, to override the default
> hostname for x509 cert validation, it isn't possible to reset it
> back to NULL via the monitor. The empty string is not a valid
> hostname, so this switches to use "" as the default, indicating
> that the migrate URI hostname should be used.
>
> Using "" as the default for both, also means that the monitor
> commands "info migrate_parameters" / "query-migrate-parameters"
> will report existance of tls-creds/tls-parameters even when set
> to their default values.
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> migration/migration.c | 4 ++++
> migration/tls.c | 2 +-
> qapi-schema.json | 4 ++++
> 3 files changed, 9 insertions(+), 1 deletion(-)
Reviewed-by: Eric Blake <address@hidden>
And still leaves the door open to future growth if we want to add
"foo":null for resetting a value to default in 2.10.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature