From nobody Mon Sep 8 21:39:52 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1749479143; cv=none; d=zohomail.com; s=zohoarc; b=jkpLCe7BZqlax7RHSNkZn3EWau6+3taJtXBnUHX31zLqnLxE/TnCCuhfz0W6zEK+FE1w+IzTYSEHflFsLZ2epi1jItfXXwCEjyR+6px05XIXfC8kjpnLOHqQ5KKmR/PkfHo05zAvQor9Mu26Egt7ttlJ6O92hUwJljd2Pal7+bE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1749479143; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=WkXvHfXwVSVYZMgVHBtcsZxpbazrF7cpvC16dhDiUqQ=; b=KVQ2Zv+T7jgV7xNFtouCW002CsTD4j9pgxp9/dovdYnJUjqp9hGG4HNs9ZZReuBHOV5Cha16hz5PxF4nrRi//UQ0KUPtFVBBQdQuHZLJ1uI535bJ/PPGHzAvKVefZP6xeajkKGa7fvCB0V/nLiUB8gyRher6zfW2T2zJPtqFc4k= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1749479143850581.2957620431627; Mon, 9 Jun 2025 07:25:43 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id BCC6D167A; Mon, 9 Jun 2025 10:25:42 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id C873B110F; Mon, 9 Jun 2025 10:25:03 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 705BBE6B; Mon, 9 Jun 2025 10:24:58 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id E6DCDE6B for ; Mon, 9 Jun 2025 10:24:57 -0400 (EDT) Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-488-HtvoG8qnNU6luKMVXYKo7Q-1; Mon, 09 Jun 2025 10:24:56 -0400 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-451ac1b43c4so25545155e9.0 for ; Mon, 09 Jun 2025 07:24:56 -0700 (PDT) Received: from wheatley.localdomain ([85.93.96.130]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-45213709686sm112982595e9.23.2025.06.09.07.24.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Jun 2025 07:24:54 -0700 (PDT) Received: from wheatley.brq.redhat.com (wheatley.k8r.cz [127.0.0.1]) by wheatley.localdomain (Postfix) with ESMTP id ABC0DB6434AB for ; Mon, 09 Jun 2025 16:24:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE,WEIRD_PORT autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1749479097; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=92Z82FBvHwS0DPvgPKgK/rMaPaxobfvk+oIdlSwBDWY=; b=ZixIBP+bBvsFXqrq8emG5s6W3xbfyssh1fyp6IQ/yf4LaixTk3ybj1jIJ1xrHTCrTVuxLF zZbz5+TRpr9LDSrkUGLIAeAWEOywOGYtKydoGKo6deIX+NSIwLMga6wyDP4JRfuaMFb78r RHvS7vUArFGpYavubKrBkiRMGgskCoQ= X-MC-Unique: HtvoG8qnNU6luKMVXYKo7Q-1 X-Mimecast-MFC-AGG-ID: HtvoG8qnNU6luKMVXYKo7Q_1749479095 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749479095; x=1750083895; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=92Z82FBvHwS0DPvgPKgK/rMaPaxobfvk+oIdlSwBDWY=; b=mdr0Z3ULLgT38cYJ23ragwFeqFDIINaWWgM6H5Q8vALqkXVaI2cDTBBB5CvxNBRyft rY0ke/OdcKyFF0hpNF5NWyHVNxQAMEkS+CckeJEI2eHLo+a2cOZl2YV9bYAFSk4E9/yR bfYhxuHoXzoPFOkRAipVmTnmPxXc3eHRXLfCIFwYkRK2jrGkNjsZW6dTpNKdFQKb6DLN 5DN4Duggb+X+fuw/ibxx41IKYbunAZFOSOdOlSZXf14kdD0G0ypwqto1T0uIn2UZryap V0PjKatRU/ExReMT/k5lg+sq6EWf4f5rn+u57D1G0MwpRnnqrpEqAQLuitP/2QKsN/Df 6rCw== X-Gm-Message-State: AOJu0Yy7fr+V0sP4sDg7OX/75CIAF5LqPjwc01qjLsnxupNCWYAlAl9z CpZHpM1rBFZpXgD48vI3ZgPWFGbbXJHz29ebQnbLT+bJCtoeLINrSz5978Ng+kMCzQuKv0pkdTd sWBsjvqZiAPLOXz46hSS83bFZ7ynmaufePTz73K3TN0GWtTBCc9QeBeCrsR26eAEWaW/Dk6G3SU YGThPKZFkgkjRDRw/HKLiCK1AprGftN3Qe+xO4Dsc5ISI= X-Gm-Gg: ASbGncvDheY6SllNSXi1atlYkzXWnUs0CRjXkBzn3WrVgSx+lkHT0vz1GdS+ql4lMme VwRmwvlEYxwVug1Qp1x/fGubmaTKFUj18a7VIDkLc5R20OL8tVYEguiy3g0gtSKtmX+JAM47Di2 5c8deXWutgEbrkLhZXUh+MnjXcyyylPRYl/fPIeYtiSIsZkfoWu3l2tBHITGk7hygJq7AXQ+V/6 1lEkZbmdHHa9XSXifMCNR1s1u9NheqHzFiaX8YDBkz/8z/IzwnWjdbY6tm1qX/gui3/3Dcwe3oN LfzUmuJdH4y9jtYN78asIfQJ2sM1l1U= X-Received: by 2002:a05:600c:35c9:b0:453:c39:d0a7 with SMTP id 5b1f17b1804b1-4530c39d6cdmr43911405e9.5.1749479095079; Mon, 09 Jun 2025 07:24:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IG0FyhPCCsTAZ1zed1czKj47/c8i7z3LRooazDV407OEVv93/nia/Q0SAH1yboxVG3ucv4mCg== X-Received: by 2002:a05:600c:35c9:b0:453:c39:d0a7 with SMTP id 5b1f17b1804b1-4530c39d6cdmr43911155e9.5.1749479094593; Mon, 09 Jun 2025 07:24:54 -0700 (PDT) To: devel@lists.libvirt.org Subject: [PATCH 1/2] esx: Allow specifying different CA bundle for remote connections Date: Mon, 9 Jun 2025 16:24:44 +0200 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: _aFtZNAmy--aUGL88f2h1Uwx_cllEjGebWS96e2euKs_1749479095 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: IVACTXL3FU7WNPRVWJ6NZROGWAG3ZI7F X-Message-ID-Hash: IVACTXL3FU7WNPRVWJ6NZROGWAG3ZI7F X-MailFrom: mkletzan@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Martin Kletzander via Devel Reply-To: Martin Kletzander X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1749479145074116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Martin Kletzander Add new URI parameter which allows for using non-system CA certificates to verify remote peers. Signed-off-by: Martin Kletzander Reviewed-by: J=C3=A1n Tomko --- docs/drvesx.rst | 16 ++++++++++++++-- src/esx/esx_util.c | 4 ++++ src/esx/esx_util.h | 1 + src/esx/esx_vi.c | 3 +++ 4 files changed, 22 insertions(+), 2 deletions(-) diff --git a/docs/drvesx.rst b/docs/drvesx.rst index 13c2bc37e50b..37398a11ee09 100644 --- a/docs/drvesx.rst +++ b/docs/drvesx.rst @@ -91,7 +91,7 @@ Multiple parameters are separated by ``&``. =20 :: =20 - ?no_verify=3D1&auto_answer=3D1&proxy=3Dsocks://example-proxy.com:23456 + ?no_verify=3D1&auto_answer=3D1&proxy=3Dsocks://example-proxy.com:23456&= cainfo_path=3Dcerts/ca-bundle.pem =20 The driver understands the extra parameters shown below. =20 @@ -146,6 +146,16 @@ The driver understands the extra parameters shown belo= w. | | | ``port`` allows to overr= ide | | | | the default port 1080. = | +-----------------+-----------------------------+-------------------------= ----+ +| ``cainfo_path`` | Path to a file with one | The specified file will = be | +| | or more certificates | used for verifying the = | +| | | remote host certificate = | +| | | instead of the default = | +| | | system one. = | +| | | :since:`Since 11.5.0`. = | +| | | Does nothing if = | +| | | ``no_verify`` is set = | +| | | to ``1`` = | ++-----------------+-----------------------------+-------------------------= ----+ =20 Authentication ~~~~~~~~~~~~~~ @@ -181,8 +191,10 @@ error like this one: =20 error: internal error curl_easy_perform() returned an error: Peer certi= ficate cannot be authenticated with known CA certificates (60) =20 -Where are two ways to solve this problem: +Where are three ways to solve this problem: =20 +- Use the ``cainfo_path`` `Extra parameters`_ to point to a certificate b= undle + with the CA that signed the SSL certificate used on the ESX server. - Use the ``no_verify=3D1`` `Extra parameters`_ to disable server certificate verification. - Generate new SSL certificates signed by a CA known to your client compu= ter diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c index cb9638f36047..9a2d194fc94c 100644 --- a/src/esx/esx_util.c +++ b/src/esx/esx_util.c @@ -135,6 +135,9 @@ esxUtil_ParseUri(esxUtil_ParsedUri **parsedUri, virURI = *uri) goto cleanup; } } + } else if (STRCASEEQ(queryParam->name, "cainfo_path")) { + g_clear_pointer(&(*parsedUri)->cainfo_path, g_free); + (*parsedUri)->cainfo_path =3D g_strdup(queryParam->value); } else { VIR_WARN("Ignoring unexpected query parameter '%s'", queryParam->name); @@ -168,6 +171,7 @@ esxUtil_FreeParsedUri(esxUtil_ParsedUri **parsedUri) g_free((*parsedUri)->vCenter); g_free((*parsedUri)->proxy_hostname); g_free((*parsedUri)->path); + g_free((*parsedUri)->cainfo_path); =20 g_free(*parsedUri); } diff --git a/src/esx/esx_util.h b/src/esx/esx_util.h index 088c943e6448..3f8d8d7cb3b4 100644 --- a/src/esx/esx_util.h +++ b/src/esx/esx_util.h @@ -44,6 +44,7 @@ struct _esxUtil_ParsedUri { char *proxy_hostname; int proxy_port; char *path; + char *cainfo_path; }; =20 int esxUtil_ParseUri(esxUtil_ParsedUri **parsedUri, virURI *uri); diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c index 6faf49f27b1c..9039075f2e6b 100644 --- a/src/esx/esx_vi.c +++ b/src/esx/esx_vi.c @@ -343,6 +343,9 @@ esxVI_CURL_Connect(esxVI_CURL *curl, esxUtil_ParsedUri = *parsedUri) parsedUri->proxy_port); } =20 + if (parsedUri->cainfo_path) + curl_easy_setopt(curl->handle, CURLOPT_CAINFO, parsedUri->cainfo_p= ath); + if (virMutexInit(&curl->lock) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Could not initialize CURL mutex")); --=20 2.49.0 From nobody Mon Sep 8 21:39:52 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1749479172; cv=none; d=zohomail.com; s=zohoarc; b=Kbzkm/rjUxBm5ao1k1PeKPbWhXJUXsQSK1YLKt0+DPnjCGO8T7JU94zsMSD1R6g0lG2xvr3bdP0+SDfssGMTOxf4gk+Q8SQtIUOZCa9lvxGsWh8oe5KFfIoV5/myUXtRm2PPGUG07GrH6tLKNAO/IAX2PJ8k4vAcMhiLC4kTlr0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1749479172; h=Content-Type:Content-Transfer-Encoding:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id:Cc; bh=TxZ1ibRpvWIITc6ARWbQI38A6memuglV9wLyYwvACMc=; b=HdY9yM75m8GdgFe8/11HaT2dXNmsRv5yXwO7/Dq3t3/E9WTOV2gutrVLzO5pMRX9jhS2PtMmQK29+cT+erVXS7FJcV9VsOGZgf5zP65mNwKPOguBvt2t3TGNayLcz832OBxGMCoEdPJQadcMtBSOHcCqBMl2+0L5z06+bTHpIsI= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1749479172838391.1894645963745; Mon, 9 Jun 2025 07:26:12 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id DEB2199B; Mon, 9 Jun 2025 10:26:11 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 2985F15ED; Mon, 9 Jun 2025 10:25:08 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 7C931108A; Mon, 9 Jun 2025 10:24:58 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 24600103C for ; Mon, 9 Jun 2025 10:24:58 -0400 (EDT) Received: from mail-wr1-f69.google.com (mail-wr1-f69.google.com [209.85.221.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-602-e_efI8TiPr2Za1tQtrsvig-1; Mon, 09 Jun 2025 10:24:56 -0400 Received: by mail-wr1-f69.google.com with SMTP id ffacd0b85a97d-3a52bfda108so2129708f8f.3 for ; Mon, 09 Jun 2025 07:24:56 -0700 (PDT) Received: from wheatley.localdomain ([85.93.96.130]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-4530f7ed8cfsm40011625e9.11.2025.06.09.07.24.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 09 Jun 2025 07:24:54 -0700 (PDT) Received: from wheatley.brq.redhat.com (wheatley.k8r.cz [127.0.0.1]) by wheatley.localdomain (Postfix) with ESMTP id B79FCB6434AC for ; Mon, 09 Jun 2025 16:24:53 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1749479097; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=R+xfoJSzug9dLNb1OeD21WoXn2KfkPJ4JGyTxS3U/qI=; b=GLvGjHbu1q3wjTh06gmOAIGBZL5raB/5RX8vo0HiucL23FKJPrd0hUus5H+AmB6tEnqveM krNaJFX/SjtUmXvrYaC03W8ofpHx7g8fUrwCwuOH7ny7GuWWxAp6NnwS7IlZRa+ATwPU3e tLQEmHLgTjtzdholtcAg7UnNElB6t4g= X-MC-Unique: e_efI8TiPr2Za1tQtrsvig-1 X-Mimecast-MFC-AGG-ID: e_efI8TiPr2Za1tQtrsvig_1749479095 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1749479095; x=1750083895; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R+xfoJSzug9dLNb1OeD21WoXn2KfkPJ4JGyTxS3U/qI=; b=QDyiCdjEoWKlDpwhy5KWR+Q10hc6pv2oFbJ5dpdLKuC2EW5ekYB9LQT7+t/E+iu1Xt aflB1IKsS2wrE+RskAvM2YQFAjhZRY4R3M6dI/UWLppuoK+VSSBpUJQOSs8pxqxALHlq beMfL75IpCo4lOCZ0gUFAIzi9UClZ98woH8uyiE1u5HrUXQnzylNJHwrWFn8s5iu298w HCpDb3QtF/BPXQDR3BWLDB1ZePzUfS1CI33MUtBssf8U1UJfj9wkTXC/v01fBoNRYA/o uDxfLh0nEmZgDqKsNQnlgUSQT5dWGJCkk6z/G1OgJUSoLpI21aBXYtKB1GPoIX6HJq8a BapA== X-Gm-Message-State: AOJu0YydajyZDnHyxM6UULy1yHLFtcWsUpFyhcFfQaceBdSsm9Jgey1Y UAnA3xIqqwKapTkQDZkcltLyoN41vwz6KLvwDkbImnWgmJqg1A+D4lFi0CtKV0mLMCzD0SA+/tI 05jwjqKje+gEkcwFJZfBVa1hGfHg1+GU6kzd+74QHW8hy00BpwsjoEDfeTepEZTBUGjWN34RRHd u2L7GxX7u+v3Pf1z6Ci95JlzEICHnaeY4BNf3b9LcIr1o= X-Gm-Gg: ASbGncuJnh1AAqk5KHvIct4RDikJYmc++MmY40xob9GIoeCOpYPEfvk/YATzDpE6AQH ZKMNqbxJkApBGXF09vYvc+FTbnbH004GGWyF04zINjdVE3Xc/sVQawcYdO4137E9MEmr4WC1dTL 9Xp3Gg4m7Ivb4Pr336KTVip5pKjQhV65n+Vi8wBZNoutyuhBu2R6fnUASIJeG9Va/GXGD2mQ8we tdH6WO8nNLh8DfbxI786h2wdlV5kPmObpg+hcvqdCjq7HgrGSGiCXB7zD5/blI3VduWZaP44tkf s3PxIapcjLIOydHovCH2 X-Received: by 2002:a05:6000:2088:b0:3a4:d98d:76b9 with SMTP id ffacd0b85a97d-3a531cadb37mr8910925f8f.41.1749479095253; Mon, 09 Jun 2025 07:24:55 -0700 (PDT) X-Google-Smtp-Source: AGHT+IHZUJVXNhGcZbDquEJvcNDRbP0PhuZxuzEqNfMyH1Oh5qVXUFxHOwRJHX82u3gmkg7uWyl5rA== X-Received: by 2002:a05:6000:2088:b0:3a4:d98d:76b9 with SMTP id ffacd0b85a97d-3a531cadb37mr8910906f8f.41.1749479094791; Mon, 09 Jun 2025 07:24:54 -0700 (PDT) To: devel@lists.libvirt.org Subject: [PATCH 2/2] NEWS: Mention cainfo_path parameter in esx driver Date: Mon, 9 Jun 2025 16:24:45 +0200 Message-ID: X-Mailer: git-send-email 2.49.0 In-Reply-To: References: MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: pMA1isAVPbTMB3K1fiuac7MvM0i4yYpcsCNar1-gil8_1749479095 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: 3LYLBPTP75PLMHENQ7SLR355ODJNAUQ4 X-Message-ID-Hash: 3LYLBPTP75PLMHENQ7SLR355ODJNAUQ4 X-MailFrom: mkletzan@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Martin Kletzander via Devel Reply-To: Martin Kletzander X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1749479173347116600 Content-Type: text/plain; charset="utf-8"; x-default="true" From: Martin Kletzander Signed-off-by: Martin Kletzander Reviewed-by: J=C3=A1n Tomko --- NEWS.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index 2559aaf7e031..a831c76be5b0 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -39,6 +39,11 @@ v11.5.0 (unreleased) that it is the controller which ultimately has the serial number attac= hed to it, but for ease of use it is automatically copied from the disk seria= l. =20 + * esx: Add support for specifying alternative CA bundle for remote peer = verification + + Users can now use ``cainfo_path`` parameter in the URI to override the + default location used to search for CA certificates. + * **Improvements** =20 * **Bug fixes** --=20 2.49.0