qemu: vnc: switch to tls-creds-x509

The tls, x509 and x509verify options were deprecated in QEMU v2.5.0: commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7 Author: Daniel P. Berrange <berrange@redhat.com> ui: convert VNC server to use QCryptoTLSSession Use the tls-creds-x509 object when available. https://bugzilla.redhat.com/show_bug.cgi?id=1598167 Signed-off-by: Ján Tomko <jtomko@redhat.com>
2025-03-20 07:59:00 +00:00 · 2018-07-17 15:10:23 +02:00 · 2018-07-17 15:10:23 +02:00 · 17f50c8260
commit 17f50c8260
parent 11b5396cea
2 changed files with 23 additions and 7 deletions
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@ -7917,13 +7917,27 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
        virBufferAddLit(&opt, ",password");
    if (cfg->vncTLS) {
-        virBufferAddLit(&opt, ",tls");
+        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
-        if (cfg->vncTLSx509verify) {
+            const char *alias = "vnc-tls-creds0";
-            virBufferAddLit(&opt, ",x509verify=");
+            if (qemuBuildTLSx509CommandLine(cmd,
-            virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
+                                            cfg->vncTLSx509certdir,
                                            true,
                                            cfg->vncTLSx509verify,
                                            NULL,
                                            alias,
                                            qemuCaps) < 0)
                goto error;
            virBufferAsprintf(&opt, ",tls-creds=%s", alias);
        } else {
-            virBufferAddLit(&opt, ",x509=");
+            virBufferAddLit(&opt, ",tls");
-            virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
+            if (cfg->vncTLSx509verify) {
                virBufferAddLit(&opt, ",x509verify=");
                virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
            } else {
                virBufferAddLit(&opt, ",x509=");
                virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);
            }
        }
    }
--- a/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args
+++ b/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args
@ -24,7 +24,9 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
 -no-acpi \
 -boot strict=on \
 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \
-vnc 127.0.0.1:3,tls,x509verify=/etc/pki/libvirt-vnc,sasl \
+-object tls-creds-x509,id=vnc-tls-creds0,dir=/etc/pki/libvirt-vnc,\
 endpoint=server,verify-peer=yes \
 -vnc 127.0.0.1:3,tls-creds=vnc-tls-creds0,sasl \
 -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 \
 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\
 resourcecontrol=deny \