Hi all,
According to the QEMU docs [1], TLS parameters are specified as an object in the QEMU command line:
-object tls-creds-x509,id=id,endpoint=endpoint,dir=/path/to/cred/dir ...
of which "endpoint" is a type of "QCryptoTLSCredsEndpoint" and can be either a "server" or a "client".
I'd like to know:
- When a VM is started with this config, is there a way (e.g. QMP) to change the value of "endpoint"?
If possible, how to do this? Or else, after the first migration of a VM, the VM has "endpoint=server",
which can't be migrated without stop / start.
- In which case does QEMU reload its TLS certificate, e.g. when a QEMU VM has been run longer
than the valid period of its TLS certificate?
- The migration is done by using HMP monitor on both source and target side. Is it possible to do it
by using QMP commands?
[1] https://www.qemu.org/docs/master/system/tls.html
[2] https://www.berrange.com/posts/2016/08/16/improving-qemu-security-part-7-tls-support-for-migration/

Thank you so much for your reply!
Yu Zhang @ Compute Platform IONOS
06.08.2023