The original descirption for *_tls_x509_verify is a little misleading
by saying that "Enabling this option will reject any client who does
not have a ca-cert.pem certificate".
Signed-off-by: Fangge Jin <fjin@redhat.com>
---
src/qemu/qemu.conf | 20 ++++++++------------
1 file changed, 8 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index a96bedb114..b1bd3cecbd 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -109,9 +109,8 @@
# issuing an x509 certificate to every client who needs to connect.
#
# Enabling this option will reject any client that does not have a
-# ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir
-# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
-# files described in default_tls_x509_cert_dir.
+# certificate(as described in default_tls_x509_verify) signed by the
+# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir).
#
# If this option is not supplied, it will be set to the value of
# "default_tls_x509_verify".
@@ -248,9 +247,8 @@
# issuing an x509 certificate to every client who needs to connect.
#
# Enabling this option will reject any client that does not have a
-# ca-cert.pem certificate signed by the CA in the chardev_tls_x509_cert_dir
-# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
-# files described in default_tls_x509_cert_dir.
+# certificate(as described in default_tls_x509_verify) signed by the
+# CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir).
#
# If this option is not supplied, it will be set to the value of
# "default_tls_x509_verify".
@@ -375,9 +373,8 @@
# issuing an x509 certificate to every client who needs to connect.
#
# Enabling this option will reject any client that does not have a
-# ca-cert.pem certificate signed by the CA in the migrate_tls_x509_cert_dir
-# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
-# files described in default_tls_x509_cert_dir.
+# certificate(as described in default_tls_x509_verify) signed by the
+# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir).
#
# If this option is not supplied, it will be set to the value of
# "default_tls_x509_verify".
@@ -412,9 +409,8 @@
# issuing an x509 certificate to every client who needs to connect.
#
# Enabling this option will reject any client that does not have a
-# ca-cert.pem certificate signed by the CA in the backup_tls_x509_cert_dir
-# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem
-# files described in default_tls_x509_cert_dir.
+# certificate(as described in default_tls_x509_verify) signed by the
+# CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir).
#
# If this option is not supplied, it will be set to the value of
# "default_tls_x509_verify".
--
2.20.1
On 8/21/20 12:59 PM, Fangge Jin wrote: > The original descirption for *_tls_x509_verify is a little misleading > by saying that "Enabling this option will reject any client who does > not have a ca-cert.pem certificate". > > Signed-off-by: Fangge Jin <fjin@redhat.com> > --- > src/qemu/qemu.conf | 20 ++++++++------------ > 1 file changed, 8 insertions(+), 12 deletions(-) > > diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf > index a96bedb114..b1bd3cecbd 100644 > --- a/src/qemu/qemu.conf > +++ b/src/qemu/qemu.conf > @@ -109,9 +109,8 @@ > # issuing an x509 certificate to every client who needs to connect. > # > # Enabling this option will reject any client that does not have a > -# ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir > -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem > -# files described in default_tls_x509_cert_dir. > +# certificate(as described in default_tls_x509_verify) signed by the Here and in the rest: s/certificate(/certificate (/ Fixed and pushed. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal
© 2016 - 2024 Red Hat, Inc.