On Fri, Jan 24, 2020 at 2:15 PM Arnaud Patard wrote:
> Christian Ehrhardt writes:
>
> > On Thu, Dec 5, 2019 at 6:25 PM Arnaud Patard
> wrote:
> >
> >> When emulating smartcard with host certificates, qemu needs to
> >> be able to read the certificates files. Add necessary code to
> >> add the
Zhangbo (Oscar) 将撤回邮件“[PATCH 6/6] docs: update virt-admin.rst for
server-update-tls”。
Zhangbo (Oscar) 将撤回邮件“[PATCH 5/6] virt-admin: Introduce command srv-update-tls”。
Zhangbo (Oscar) 将撤回邮件“[PATCH 1/6] virnettlscontext: refactoring
virNetTLSContextLoadCredentials”。
The server needs to use CA certificate, CRL, server certificate/key to
complete the TLS handshake. If these files change, we need to restart
libvirtd for them to take effect. This API can update the TLS context
without restarting libvirtd.
---
include/libvirt/libvirt-admin.h | 4
Zhangbo (Oscar) 将撤回邮件“[PATCH 4/6] admin: support server cert update mode”。
When a client wants to establish a TLS connection with libvirtd, a CRL
file, CA cert and server cert/key are used. Right
now, if these files are changed, you must restart libvirtd to make them
take effect. The restart behavior of libvirtd will cause clients
connecting with libvirtd to fail.
In a
virAdmServerUpdateTlsFiles:
@flags specifies how to update server cert/key in tls service.
Two modes are currently supported: append mode and clear mode, means
whether to clear the original cert then add the new one, or just append
to the original one.
---
include/libvirt/libvirt-admin.h | 14
Encapsulate the code for setting TLS-related files into functions,
which is convenient for other modules to call.
---
src/rpc/virnettlscontext.c | 135 ++---
1 file changed, 82 insertions(+), 53 deletions(-)
diff --git a/src/rpc/virnettlscontext.c
Zhangbo (Oscar) 将撤回邮件“[PATCH 3/6] admin: Introduce virAdmServerUpdateTlsFiles”。
Zhangbo (Oscar) 将撤回邮件“[PATCH 2/6] virnetserver: Introduce
virNetServerUpdateTlsFiles”。
wire-up virAdmServerUpdateTlsFiles API into virt-admin client.
---
tools/virt-admin.c | 88 ++
1 file changed, 88 insertions(+)
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 32edfe5757..85235ae03d 100644
--- a/tools/virt-admin.c
+++
Add an API to update server's tls context before admin method can be
introduced.
---
include/libvirt/libvirt-admin.h | 8
src/libvirt_remote.syms | 1 +
src/rpc/virnetserver.c | 72 +
src/rpc/virnetserver.h | 3 ++
Update the manpage for the 'server-update-tls' command
---
docs/manpages/virt-admin.rst | 21 +
1 file changed, 21 insertions(+)
diff --git a/docs/manpages/virt-admin.rst b/docs/manpages/virt-admin.rst
index 51c3d3917e..e19d1f1577 100644
--- a/docs/manpages/virt-admin.rst
+++
Zhangbo (Oscar) 将撤回邮件“[PATCH 0/6] update tls files without restarting libvirtd”。
wire-up virAdmServerUpdateTlsFiles API into virt-admin client.
---
tools/virt-admin.c | 88 ++
1 file changed, 88 insertions(+)
diff --git a/tools/virt-admin.c b/tools/virt-admin.c
index 32edfe5757..85235ae03d 100644
--- a/tools/virt-admin.c
+++
Update the manpage for the 'server-update-tls' command
---
docs/manpages/virt-admin.rst | 21 +
1 file changed, 21 insertions(+)
diff --git a/docs/manpages/virt-admin.rst b/docs/manpages/virt-admin.rst
index 51c3d3917e..e19d1f1577 100644
--- a/docs/manpages/virt-admin.rst
+++
virAdmServerUpdateTlsFiles:
@flags specifies how to update server cert/key in tls service.
Two modes are currently supported: append mode and clear mode, means
whether to clear the original cert then add the new one, or just append
to the original one.
---
include/libvirt/libvirt-admin.h | 14
The server needs to use CA certificate, CRL, server certificate/key to
complete the TLS handshake. If these files change, we need to restart
libvirtd for them to take effect. This API can update the TLS context
without restarting libvirtd.
---
include/libvirt/libvirt-admin.h | 4
Encapsulate the code for setting TLS-related files into functions,
which is convenient for other modules to call.
---
src/rpc/virnettlscontext.c | 135 ++---
1 file changed, 82 insertions(+), 53 deletions(-)
diff --git a/src/rpc/virnettlscontext.c
Add an API to update server's tls context before admin method can be
introduced.
---
include/libvirt/libvirt-admin.h | 8
src/libvirt_remote.syms | 1 +
src/rpc/virnetserver.c | 72 +
src/rpc/virnetserver.h | 3 ++
When a client wants to establish a TLS connection with libvirtd, a CRL
file, CA cert and server cert/key are used. Right
now, if these files are changed, you must restart libvirtd to make them
take effect. The restart behavior of libvirtd will cause clients
connecting with libvirtd to fail.
In a
22 matches
Mail list logo