On 10/18/2016 02:27 AM, Pavel Hrdina wrote:
>> "As default behaviour I think it is desirable that we can turn TLS on
>> for every VM at once - I tend to view it as a host network integration
>> task, rather than a VM configuration task. Same rationale that we use
>> for TLS wth VNC/SPICE."
> Don't forget this part of the same review:
> "There's no reason we can't have a tri-state TLS flag against the chardev
> in the XML too, to override the default behaviour of cfg->chardevTLS"
> That also means to override chardev_tls = "0" by "tls='yes'".
If the default cfg behaviour is "1", then that tells us "someone" has
set up the TLS environment and thus the domain/chardev override would be
If the default cfg behaviour is "0", then that means we cannot guarantee
the environment necessary has been set up and we cannot allow the
domain/chardev setting to enable TLS.
libvir-list mailing list