[libvirt] [PATCH v3] libvirtd: clarify the TLS conf default value setting

Chen Hanxiao posted 1 patch 6 years, 2 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180121143934.18608-1-chen_han_xiao@126.com
daemon/libvirtd.conf | 14 ++++++++++++++
1 file changed, 14 insertions(+)
[libvirt] [PATCH v3] libvirtd: clarify the TLS conf default value setting
Posted by Chen Hanxiao 6 years, 2 months ago
From: Chen Hanxiao <chenhanxiao@gmail.com>

Provide more details related to the requirement that setting one
of the values requires setting all of them.

Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>

---
v3:
  description updated follow John's comments
v2:
  fix a typo

 daemon/libvirtd.conf | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/daemon/libvirtd.conf b/daemon/libvirtd.conf
index 8e0c0d96d..91b3f47de 100644
--- a/daemon/libvirtd.conf
+++ b/daemon/libvirtd.conf
@@ -182,6 +182,20 @@
 # TLS x509 certificate configuration
 #
 
+# Use of TLS requires that x509 certificates be issued. The default locations
+# for the certificate files is as follows:
+#
+#   /etc/pki/CA/cacert.pem                 - The CA master certificate
+#   /etc/pki/libvirt/servercert.pem        - The server certificate signed with
+#                                            the cacert.pem
+#   /etc/pki/libvirt/private/serverkey.pem - The server private key
+#
+# It is possible to override the default locations by altering the 'key_file',
+# 'cert_file', and 'ca_file' values and uncommenting them below.
+#
+# NB, overriding the default of one location requires uncommenting and
+# possibly additionally overriding the other settings.
+#
 
 # Override the default server key file path
 #
-- 
2.14.3

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH v3] libvirtd: clarify the TLS conf default value setting
Posted by John Ferlan 6 years, 2 months ago

On 01/21/2018 09:39 AM, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao@gmail.com>
> 
> Provide more details related to the requirement that setting one
> of the values requires setting all of them.
> 
> Signed-off-by: Chen Hanxiao <chenhanxiao@gmail.com>
> 
> ---
> v3:
>   description updated follow John's comments
> v2:
>   fix a typo
> 
>  daemon/libvirtd.conf | 14 ++++++++++++++
>  1 file changed, 14 insertions(+)
> 

Reviewed-by: John Ferlan <jferlan@redhat.com>

John

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list