[PATCH 02/14] qemu: Always assume presence of QEMU_CAPS_OBJECT_TLS_CREDS_X509

Peter Krempa posted 14 patches 4 years, 4 months ago
[PATCH 02/14] qemu: Always assume presence of QEMU_CAPS_OBJECT_TLS_CREDS_X509
Posted by Peter Krempa 4 years, 4 months ago
The 'tls-creds-x509' object is always registered even when qemu is built
without gnutls for all supported qemu versions. This means we can assume
its support and thus simplify the code using TLS.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/qemu/qemu_command.c  |  8 +-------
 src/qemu/qemu_domain.c   |  4 ----
 src/qemu/qemu_validate.c | 13 -------------
 tests/qemuxml2argvtest.c | 12 ++++--------
 4 files changed, 5 insertions(+), 32 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index a051e5a4e8..48f6ccbf50 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -767,15 +767,9 @@ qemuBuildTLSx509BackendProps(const char *tlspath,
                              bool verifypeer,
                              const char *alias,
                              const char *secalias,
-                             virQEMUCaps *qemuCaps,
+                             virQEMUCaps *qemuCaps G_GNUC_UNUSED,
                              virJSONValue **propsret)
 {
-    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
-        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                       _("tls-creds-x509 not supported in this QEMU binary"));
-        return -1;
-    }
-
     if (qemuMonitorCreateObjectProps(propsret, "tls-creds-x509", alias,
                                      "s:dir", tlspath,
                                      "s:endpoint", (isListen ? "server": "client"),
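Review bot: `qemuCaps` stays in the signature of qemuBuildTLSx509BackendProps only as `G_GNUC_UNUSED`, and nothing at this site now says why a TLS credentials object is built without any capability check. A short comment above the qemuMonitorCreateObjectProps call would keep the reasoning from the commit message next to the code, for example `/* tls-creds-x509 is registered by every supported QEMU, even one built without gnutls, so it cannot be probed; a binary lacking TLS support fails when the object is created */`. The second half of that comment is inferred from the commit message rather than visible in this hunk, so it is worth confirming that such a binary fails the start rather than continuing without TLS. If no caller needs the argument, dropping the parameter may be cleaner than annotating it, possibly in a later patch of the series. The function body continues past the end of the hunk.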
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9a20938417..584bf5003f 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1406,15 +1406,11 @@ qemuDomainSecretGraphicsPrepare(virQEMUDriverConfig *cfg,
                                 qemuDomainObjPrivate *priv,
                                 virDomainGraphicsDef *graphics)
 {
-    virQEMUCaps *qemuCaps = priv->qemuCaps;
     qemuDomainGraphicsPrivate *gfxPriv = QEMU_DOMAIN_GRAPHICS_PRIVATE(graphics);

     if (graphics->type != VIR_DOMAIN_GRAPHICS_TYPE_VNC)
         return 0;

-    if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509))
-        return 0;
-
     if (!cfg->vncTLS)
         return 0;

diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 4fc344b493..865b42f81f 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1083,7 +1083,6 @@ qemuValidateDomainDef(const virDomainDef *def,
                       void *parseOpaque)
 {
     virQEMUDriver *driver = opaque;
-    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
     g_autoptr(virQEMUCaps) qemuCapsLocal = NULL;
     virQEMUCaps *qemuCaps = parseOpaque;
     size_t i;
@@ -1218,18 +1217,6 @@ qemuValidateDomainDef(const virDomainDef *def,
     if (qemuValidateDomainDefConsole(def, qemuCaps) < 0)
         return -1;

-    if (cfg->vncTLS && cfg->vncTLSx509secretUUID &&
-        !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {
-        for (i = 0; i < def->ngraphics; i++) {
-            if (def->graphics[i]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC) {
-                virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                               _("encrypted VNC TLS keys are not supported with "
-                                 "this QEMU binary"));
-                return -1;
-            }
-        }
-    }
-
     for (i = 0; i < def->nsysinfo; i++) {
         if (qemuValidateDomainDefSysinfo(def->sysinfo[i]) < 0)
             return -1;
diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
index c3ba9df9af..d6aeccba3f 100644
--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
@@ -1660,22 +1660,18 @@ mymain(void)
             QEMU_CAPS_DEVICE_ISA_SERIAL);
     driver.config->chardevTLS = 1;
     DO_TEST("serial-tcp-tlsx509-chardev",
-            QEMU_CAPS_DEVICE_ISA_SERIAL,
-            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+            QEMU_CAPS_DEVICE_ISA_SERIAL);
     driver.config->chardevTLSx509verify = 1;
     DO_TEST("serial-tcp-tlsx509-chardev-verify",
-            QEMU_CAPS_DEVICE_ISA_SERIAL,
-            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+            QEMU_CAPS_DEVICE_ISA_SERIAL);
     driver.config->chardevTLSx509verify = 0;
     DO_TEST("serial-tcp-tlsx509-chardev-notls",
-            QEMU_CAPS_DEVICE_ISA_SERIAL,
-            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+            QEMU_CAPS_DEVICE_ISA_SERIAL);
     VIR_FREE(driver.config->chardevTLSx509certdir);
     driver.config->chardevTLSx509certdir = g_strdup("/etc/pki/libvirt-chardev");
     driver.config->chardevTLSx509secretUUID = g_strdup("6fd3f62d-9fe7-4a4e-a869-7acd6376d8ea");
     DO_TEST("serial-tcp-tlsx509-secret-chardev",
-            QEMU_CAPS_DEVICE_ISA_SERIAL,
-            QEMU_CAPS_OBJECT_TLS_CREDS_X509);
+            QEMU_CAPS_DEVICE_ISA_SERIAL);
     driver.config->chardevTLS = 0;
     VIR_FREE(driver.config->chardevTLSx509certdir);
     DO_TEST("serial-many-chardev",
-- 
2.31.1

Re: [PATCH 02/14] qemu: Always assume presence of QEMU_CAPS_OBJECT_TLS_CREDS_X509
Posted by Ján Tomko 4 years, 4 months ago
On a Thursday in 2021, Peter Krempa wrote:
>The 'tls-creds-x509' object is always registered even when qemu is built
>without gnutls for all supported qemu versions. This means we can assume
>it's support and thus simplify the code using TLS.

s/can assume it's support/cannot probe for its support/

>
>Signed-off-by: Peter Krempa <pkrempa@redhat.com>
>---
> src/qemu/qemu_command.c  |  8 +-------
> src/qemu/qemu_domain.c   |  4 ----
> src/qemu/qemu_validate.c | 13 -------------
> tests/qemuxml2argvtest.c | 12 ++++--------
> 4 files changed, 5 insertions(+), 32 deletions(-)