Currently we only describe setting the CN field for server certs. This leads
to inevitable pain for users who set it to the fully qualified hostname and
then use a unqualified hostname or IP address to connect in the URI. Describe
the usage of Subject Alt Name extensions, to provide multiple hostnames and
IP addresses. This will help users avoid the classic mistake and is important
future proofing, since at least in browsers, TLS libraries no longer use the
CN field for validation, mandating use of SAN info instead.
Reviewed-by: John Ferlan <jferlan@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The HTML5 doctype is simply
<!DOCTYPE html>
no DTD is present because HTML5 is no longer defined as an
extension of SGML.
XSL has no way to natively output a doctype without a public
or system identifier, so we have to use an <xsl:text> hack
instead.
See also
https://dev.w3.org/html5/html-author/#doctype-declaration
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
The 'name' attribute on <a...> elements is deprecated in favour
of the 'id' attribute which is allowed on any element. HTML5
drops 'name' support entirely.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Since we do have this template at hand, why not using it wherever
possible (list of supported pool types and remote access section).
Also, perform some stylistic micro adjustments.
Signed-off-by: Erik Skultety <eskultet@redhat.com>
Implement in virtNetClient and VirNetSocket the needed functions to
expose a new libssh transport, providing all the options that the
libssh2 transport supports.
This reverts commit 1f29f3da06.
Assuming <dt> is always used to document symbols is way too
broad, requiring far too many exemptions to be marked to
avoid syntax check rules.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Add support for a "tls_priority" URI parameter in remote
driver URIs. eg
qemu+tls://localhost/session?tls_priority=NORMAL:-VERS-SSL3.0
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Commit 61b070cf20 cleaned up a number of cases where the <dt>
element was used to document symbols, but the symbol itself was
not inside a <code> element.
To make sure we don't end up having to clean up again a few
months from now, introduce a syntax-check rule that can spot
such mistakes.
All existing exceptions are marked as such, with either file
or line granularity depending on the case.
The rule generating the HTML docs passing the --html flag
to xsltproc. This makes it use the legacy HTML parser, which
either ignores or tries to fix all sorts of broken XML tags.
There's no reason why we should be writing broken XML in
the first place, so removing --html and adding the XHTML
doctype to all files forces us to create good XML.
This adds the XHTML doc type and fixes many, many XML tag
problems it exposes.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
* Don't advertise information on the network without consent of
the user, either through manual configuration, or a user
interface that drives this option.
* Since libvirtd must be configured for network access anyway
(for all but ssh), this setting was not useful "out of the box",
so changing this default setting does not remove "out of the box"
functionality.
* remote.html.in: Remove obsolete notes about internals of the
RPC protocol
* internals/rpc.html.in: Extensive docs on RPC protocol/API
* sitemap.html.in: Add new page
Set StrictHostKeyChecking=no to auto-accept new ssh host keys if the
no_verify extra parameter was specified. This won't disable host key
checking for already known hosts. Includes a test and documentation.
Update the documentation to mention that the CA certificate and the
client cert/key pair can come from the user's location or the global
location independent of each other.
Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add
in POD man page documentation
* tools/.gitignore: Ignore generated virt-pki-validate file
* tools/Makefile.am: Install & build virt-pki-validate and
virt-pki-validate.1
* docs/remote.html, docs/remote.html.in: Refer to new tool
name virt-pki-validate
* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
and virt-pki-validate.1 to files list