
qemu: Always assume presence of QEMU_CAPS_OBJECT_TLS_CREDS_X509

The 'tls-creds-x509' object is always registered, even when qemu is built
without gnutls, for all supported qemu versions. This means we cannot
probe for its support, and thus we can simplify the code using TLS.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa 2021-09-23 10:01:45 +02:00
parent 54d43e3619
commit 18de1d7621
4 changed files with 5 additions and 32 deletions


@ -767,15 +767,9 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
bool verifypeer,
const char *alias,
const char *secalias,
virQEMUCaps *qemuCaps,
virQEMUCaps *qemuCaps G_GNUC_UNUSED,
virJSONValue **propsret)
{
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("tls-creds-x509 not supported in this QEMU binary"));
return -1;
}
if (qemuMonitorCreateObjectProps(propsret, "tls-creds-x509", alias,
"s:dir", tlspath,
"s:endpoint", (isListen ? "server": "client"),
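Review bot: `qemuCaps` is now a dead parameter of `qemuBuildTLSx509BackendProps`, kept only as `virQEMUCaps *qemuCaps G_GNUC_UNUSED`, and nothing at the definition says why. Either drop it from the signature and its callers in a follow-up, or add a comment above the function such as `/* qemuCaps is unused: 'tls-creds-x509' is registered by every supported QEMU, even without gnutls */`. With the `VIR_ERR_CONFIG_UNSUPPORTED` guard gone, a QEMU built without gnutls presumably fails only when the object is actually created. It is worth confirming that every caller treats that failure as fatal rather than continuing without TLS. The function body continues past the end of this hunk, so the error handling after `qemuMonitorCreateObjectProps` is not visible here.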


@ -1406,15 +1406,11 @@ qemuDomainSecretGraphicsPrepare(virQEMUDriverConfig *cfg,
qemuDomainObjPrivate *priv,
virDomainGraphicsDef *graphics)
{
virQEMUCaps *qemuCaps = priv->qemuCaps;
qemuDomainGraphicsPrivate *gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);
if (graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC)
return 0;
if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509))
return 0;
if (!cfg->vncTLS)
return 0;


@ -1083,7 +1083,6 @@ qemuValidateDomainDef(const virDomainDef *def,
void *parseOpaque)
{
virQEMUDriver *driver = opaque;
g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
g_autoptr(virQEMUCaps) qemuCapsLocal = NULL;
virQEMUCaps *qemuCaps = parseOpaque;
size_t i;
@ -1218,18 +1217,6 @@ qemuValidateDomainDef(const virDomainDef *def,
if (qemuValidateDomainDefConsole(def, qemuCaps) < 0)
return -1;
if (cfg->vncTLS && cfg->vncTLSx509secretUUID &&
!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
for (i = 0; i < def->ngraphics; i++) {
if (def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("encrypted VNC TLS keys are not supported with "
"this QEMU binary"));
return -1;
}
}
}
for (i = 0; i < def->nsysinfo; i++) {
if (qemuValidateDomainDefSysinfo(def->sysinfo[i]) < 0)
return -1;


@ -1660,22 +1660,18 @@ mymain(void)
QEMU_CAPS_DEVICE_ISA_SERIAL);
driver.config->chardevTLS = 1;
DO_TEST("serial-tcp-tlsx509-chardev",
QEMU_CAPS_DEVICE_ISA_SERIAL,
QEMU_CAPS_OBJECT_TLS_CREDS_X509);
QEMU_CAPS_DEVICE_ISA_SERIAL);
driver.config->chardevTLSx509verify = 1;
DO_TEST("serial-tcp-tlsx509-chardev-verify",
QEMU_CAPS_DEVICE_ISA_SERIAL,
QEMU_CAPS_OBJECT_TLS_CREDS_X509);
QEMU_CAPS_DEVICE_ISA_SERIAL);
driver.config->chardevTLSx509verify = 0;
DO_TEST("serial-tcp-tlsx509-chardev-notls",
QEMU_CAPS_DEVICE_ISA_SERIAL,
QEMU_CAPS_OBJECT_TLS_CREDS_X509);
QEMU_CAPS_DEVICE_ISA_SERIAL);
VIR_FREE(driver.config->chardevTLSx509certdir);
driver.config->chardevTLSx509certdir = g_strdup("/etc/pki/libvirt-chardev");
driver.config->chardevTLSx509secretUUID = g_strdup("6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea");
DO_TEST("serial-tcp-tlsx509-secret-chardev",
QEMU_CAPS_DEVICE_ISA_SERIAL,
QEMU_CAPS_OBJECT_TLS_CREDS_X509);
QEMU_CAPS_DEVICE_ISA_SERIAL);
driver.config->chardevTLS = 0;
VIR_FREE(driver.config->chardevTLSx509certdir);
DO_TEST("serial-many-chardev",