[PATCH 1/3] qemu: fix order of VNC TLS config entries

Daniel P . Berrangé via Devel Fri, 18 Jul 2025 05:06:20 -0700

From: Daniel P. Berrangé <berra...@redhat.com>

For TLS config parameters, the 'verify' option always comes before the
'secret_uuid' option, except in the VNC case which has them reversed.


Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
 src/qemu/libvirtd_qemu.aug         |  2 +-
 src/qemu/qemu.conf.in              | 12 ++++++------
 src/qemu/test_libvirtd_qemu.aug.in |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/qemu/libvirtd_qemu.aug b/src/qemu/libvirtd_qemu.aug
index e1e479d72c..d36baed6fc 100644
--- a/src/qemu/libvirtd_qemu.aug
+++ b/src/qemu/libvirtd_qemu.aug
@@ -35,8 +35,8 @@ module Libvirtd_qemu =
                  | bool_entry "vnc_auto_unix_socket"
                  | bool_entry "vnc_tls"
                  | str_entry "vnc_tls_x509_cert_dir"
-                 | str_entry "vnc_tls_x509_secret_uuid"
                  | bool_entry "vnc_tls_x509_verify"
+                 | str_entry "vnc_tls_x509_secret_uuid"
                  | str_entry "vnc_password"
                  | bool_entry "vnc_sasl"
                  | str_entry "vnc_sasl_dir"
diff --git a/src/qemu/qemu.conf.in b/src/qemu/qemu.conf.in
index 6358a45ae2..9bb52b5927 100644
--- a/src/qemu/qemu.conf.in
+++ b/src/qemu/qemu.conf.in
@@ -101,12 +101,6 @@
 #vnc_tls_x509_cert_dir = "/etc/pki/libvirt-vnc"
 
 
-# Uncomment and use the following option to override the default secret
-# UUID provided in the default_tls_x509_secret_uuid parameter.
-#
-#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
-
-
 # The default TLS configuration only uses certificates for the server
 # allowing the client to verify the server's identity and establish
 # an encrypted channel.
@@ -125,6 +119,12 @@
 #vnc_tls_x509_verify = 1
 
 
+# Uncomment and use the following option to override the default secret
+# UUID provided in the default_tls_x509_secret_uuid parameter.
+#
+#vnc_tls_x509_secret_uuid = "00000000-0000-0000-0000-000000000000"
+
+
 # The default VNC password. Only 8 bytes are significant for
 # VNC passwords. This parameter is only used if the per-domain
 # XML config does not already provide a password. To allow
diff --git a/src/qemu/test_libvirtd_qemu.aug.in 
b/src/qemu/test_libvirtd_qemu.aug.in
index 88d1a6aca1..e461fcc9df 100644
--- a/src/qemu/test_libvirtd_qemu.aug.in
+++ b/src/qemu/test_libvirtd_qemu.aug.in
@@ -9,8 +9,8 @@ module Test_libvirtd_qemu =
 { "vnc_auto_unix_socket" = "1" }
 { "vnc_tls" = "1" }
 { "vnc_tls_x509_cert_dir" = "/etc/pki/libvirt-vnc" }
-{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
 { "vnc_tls_x509_verify" = "1" }
+{ "vnc_tls_x509_secret_uuid" = "00000000-0000-0000-0000-000000000000" }
 { "vnc_password" = "XYZ12345" }
 { "vnc_sasl" = "1" }
 { "vnc_sasl_dir" = "/some/directory/sasl2" }
-- 
2.50.1

[PATCH 1/3] qemu: fix order of VNC TLS config entries

Reply via email to