If both "vnc_tls_x509_verify" and "default_tls_x509_verify" are missing
from the config file the client certificate validation is disabled. VNC
provides a layer of authentication so client certificate validation is
not strictly required.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
src/qemu/qemu.conf | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 6f9d940477..f40963ce48 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -119,7 +119,8 @@
# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir).
#
# If this option is not supplied, it will be set to the value of
-# "default_tls_x509_verify".
+# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either
+# the default is "0".
#
#vnc_tls_x509_verify = 1
--
2.28.0
On 11/13/20 4:01 PM, Peter Krempa wrote: > If both "vnc_tls_x509_verify" and "default_tls_x509_verify" are missing > from the config file the client certificate validation is disabled. VNC > provides a layer of authentication so client certificate validation is > not strictly required. > > Signed-off-by: Peter Krempa <pkrempa@redhat.com> > --- > src/qemu/qemu.conf | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf > index 6f9d940477..f40963ce48 100644 > --- a/src/qemu/qemu.conf > +++ b/src/qemu/qemu.conf > @@ -119,7 +119,8 @@ > # CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). > # > # If this option is not supplied, it will be set to the value of > -# "default_tls_x509_verify". > +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either No native speaker, but perhaps s/either/neither/? Applies for next patches too. > +# the default is "0". > # > #vnc_tls_x509_verify = 1 > Michal
On a Friday in 2020, Michal Privoznik wrote: >On 11/13/20 4:01 PM, Peter Krempa wrote: >>If both "vnc_tls_x509_verify" and "default_tls_x509_verify" are missing >>from the config file the client certificate validation is disabled. VNC >>provides a layer of authentication so client certificate validation is >>not strictly required. >> >>Signed-off-by: Peter Krempa <pkrempa@redhat.com> >>--- >> src/qemu/qemu.conf | 3 ++- >> 1 file changed, 2 insertions(+), 1 deletion(-) >> >>diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf >>index 6f9d940477..f40963ce48 100644 >>--- a/src/qemu/qemu.conf >>+++ b/src/qemu/qemu.conf >>@@ -119,7 +119,8 @@ >> # CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). >> # >> # If this option is not supplied, it will be set to the value of >>-# "default_tls_x509_verify". >>+# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either > >No native speaker, but perhaps s/either/neither/? Applies for next >patches too. > Not a native speaker either, but your suggested substitution sounds weirder. Jano >>+# the default is "0". >> # >> #vnc_tls_x509_verify = 1 >> > >Michal >
On Fri, Nov 13, 2020 at 04:38:06PM +0100, Michal Privoznik wrote: > On 11/13/20 4:01 PM, Peter Krempa wrote: > > If both "vnc_tls_x509_verify" and "default_tls_x509_verify" are missing > > from the config file the client certificate validation is disabled. VNC > > provides a layer of authentication so client certificate validation is > > not strictly required. > > > > Signed-off-by: Peter Krempa <pkrempa@redhat.com> > > --- > > src/qemu/qemu.conf | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf > > index 6f9d940477..f40963ce48 100644 > > --- a/src/qemu/qemu.conf > > +++ b/src/qemu/qemu.conf > > @@ -119,7 +119,8 @@ > > # CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). > > # > > # If this option is not supplied, it will be set to the value of > > -# "default_tls_x509_verify". > > +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either > > No native speaker, but perhaps s/either/neither/? Applies for next patches > too. That wouldn't be right - what's there now is fine. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 11/13/20 4:45 PM, Daniel P. Berrangé wrote: > On Fri, Nov 13, 2020 at 04:38:06PM +0100, Michal Privoznik wrote: >> On 11/13/20 4:01 PM, Peter Krempa wrote: >>> If both "vnc_tls_x509_verify" and "default_tls_x509_verify" are missing >>> from the config file the client certificate validation is disabled. VNC >>> provides a layer of authentication so client certificate validation is >>> not strictly required. >>> >>> Signed-off-by: Peter Krempa <pkrempa@redhat.com> >>> --- >>> src/qemu/qemu.conf | 3 ++- >>> 1 file changed, 2 insertions(+), 1 deletion(-) >>> >>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf >>> index 6f9d940477..f40963ce48 100644 >>> --- a/src/qemu/qemu.conf >>> +++ b/src/qemu/qemu.conf >>> @@ -119,7 +119,8 @@ >>> # CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). >>> # >>> # If this option is not supplied, it will be set to the value of >>> -# "default_tls_x509_verify". >>> +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied either >> >> No native speaker, but perhaps s/either/neither/? Applies for next patches >> too. > > That wouldn't be right - what's there now is fine. Okay, coming from a language that has double negatives so I'm never sure :-) Thanks for clarification. Michal
© 2016 - 2026 Red Hat, Inc.