From nobody Sat May 4 06:19:27 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1598007596; cv=none; d=zohomail.com; s=zohoarc; b=HWWbuncRsuPPlXanDyN0eiH9rU49MF71Ad9uh4cRirGTNXwrL+mHusiy63VHv/TMeiTkqYP/KkqvI5xrlDkf9D4qnErkjPEkN0KZFHReHcpuY4EWzzDtZBkMpsvFI5bQCtgqzCKT0MA8OMcoms/gCCzvJAqXQZJZl28/d+pxyQk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1598007596; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To; bh=NzOH6IUfW3JJZ/H6UJZrz+PoPzeptnyVAeZhyYY8ULQ=; b=i7mnIIbV8cCADJt6M2sw2WxtEBVVfVBViiYAjz0a/PRKkoPVRmNCah/L07kfbNBnRMNhIzaiN5PRGbm0BIn8bYMdWt7XpmYGgCGll1Im0WMEvjIBpdJkiBvw2ff4pPsRgcECAC2VU9SZFrfiKi5nQ3ptopTlU6dQuy1ErzPFG/0= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1598007596850679.959129261814; Fri, 21 Aug 2020 03:59:56 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-443-2wuzPDG7MlO-iSA1xYqBYg-1; Fri, 21 Aug 2020 06:59:53 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1E4421007466; Fri, 21 Aug 2020 10:59:48 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 80F807C539; Fri, 21 Aug 2020 10:59:47 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 06CA7181A06B; Fri, 21 Aug 2020 10:59:42 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 07LAxCkw012726 for ; Fri, 21 Aug 2020 06:59:12 -0400 Received: by smtp.corp.redhat.com (Postfix) id 21010101417C; Fri, 21 Aug 2020 10:59:12 +0000 (UTC) Received: from 192.168.0.106 (ovpn-13-171.pek2.redhat.com [10.72.13.171]) by smtp.corp.redhat.com (Postfix) with ESMTP id 262E610098AE; Fri, 21 Aug 2020 10:59:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1598007595; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=NzOH6IUfW3JJZ/H6UJZrz+PoPzeptnyVAeZhyYY8ULQ=; b=AGKrbWskccRuhvXTY2m+Uw1C0KNTB9a1xF5y5EjUhSGyO9mEeo3JEh5FHxMLt0p3v93IKb MyuDVmQTKCpA4kUfOrAcXnH7XYedzHddjdNPEJFZN+aYXFJFgVBebASdn7KDiAh8mdlQ8L LU5iqrGoEJr42avw5NsPy0e2kf9zWIY= X-MC-Unique: 2wuzPDG7MlO-iSA1xYqBYg-1 From: Fangge Jin To: libvir-list@redhat.com Subject: [PATCH] qemu.conf: Re-word the description for *_tls_x509_verify Date: Fri, 21 Aug 2020 18:59:01 +0800 Message-Id: <20200821105901.10160-1-fjin@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Cc: Fangge Jin X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0.001 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" The original descirption for *_tls_x509_verify is a little misleading by saying that "Enabling this option will reject any client who does not have a ca-cert.pem certificate". Signed-off-by: Fangge Jin Reviewed-by: Michal Privoznik --- src/qemu/qemu.conf | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index a96bedb114..b1bd3cecbd 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -109,9 +109,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". @@ -248,9 +247,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the chardev_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". @@ -375,9 +373,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the migrate_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". @@ -412,9 +409,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the backup_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". --=20 2.20.1