From nobody Mon Feb 9 16:53:52 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1632411480; cv=none; d=zohomail.com; s=zohoarc; b=A9P2VO+Ns+dWhcrNXI8z3sJu9YltKP/L/C1V4lOzRvKG15G4mdqHUqIgRFB1iyZkBR/qARAchiwRRCTaFhkdIkWzpKOWG4JhMUDnPZSn8SjF5vGGx8ZU9kwLBEzMYhRN21BT/X1KZsTwIXaKlmO7xFroE5xXszWvP+aPCfu+B5Y= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1632411480; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=lVFd4P8JgvonExfhKzsTD5roVPQoUyWY5YnKnLSI5og=; b=NOYlcTtYCjPmsvhpNtm/wFwn/oXpsIGdOBY5hlqC1K01kH5HkUZ9rSCAga+QocxvE3AWhiLFli6CMP6h5mpi/aNABoiejcXANjjqhyj9jwFFMVGf/9QHOZzNtOfyH2FwpqkpTpYIJWxsF9HUK/rEXjvNZWDCWnPtvjoL/UcDy+I= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1632411480782124.2562098906078; Thu, 23 Sep 2021 08:38:00 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-349-2T7UbfUkMx2FiYUss6gT7A-1; Thu, 23 Sep 2021 11:37:58 -0400 Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B0BF29F947; Thu, 23 Sep 2021 15:37:36 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D8D78794A1; Thu, 23 Sep 2021 15:37:35 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 9A9E41806D01; Thu, 23 Sep 2021 15:37:35 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 18NFbQR2000476 for ; Thu, 23 Sep 2021 11:37:26 -0400 Received: by smtp.corp.redhat.com (Postfix) id 388AF10550A4; Thu, 23 Sep 2021 15:37:26 +0000 (UTC) Received: from speedmetal.redhat.com (unknown [10.40.208.16]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1CE0E1084202 for ; Thu, 23 Sep 2021 15:37:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1632411479; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=lVFd4P8JgvonExfhKzsTD5roVPQoUyWY5YnKnLSI5og=; b=dmovMW6HGJjanHNZkAr+o1nzkYjBEmkwwzkEjRDMWrQr9wWZ/qgDDKjnUHvUV8Zq+NLyiy tIDt8q0I7IBDdmvEkD9itiDE65VgR59dINyNrhSEgw/ffiKIt6xcEQ7v7wneh8ai+Vu4t5 MuvuY6hcXXm0FRsK0l7Gg2HyEbsJN2Y= X-MC-Unique: 2T7UbfUkMx2FiYUss6gT7A-1 From: Peter Krempa To: libvir-list@redhat.com Subject: [PATCH 02/14] qemu: Always assume presence of QEMU_CAPS_OBJECT_TLS_CREDS_X509 Date: Thu, 23 Sep 2021 17:37:08 +0200 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) X-ZM-MESSAGEID: 1632411481269100001 Content-Type: text/plain; charset="utf-8" The 'tls-creds-x509' object is always registered even when qemu is built without gnutls for all supported qemu versions. This means we can assume it's support and thus simplify the code using TLS. Signed-off-by: Peter Krempa --- src/qemu/qemu_command.c | 8 +------- src/qemu/qemu_domain.c | 4 ---- src/qemu/qemu_validate.c | 13 ------------- tests/qemuxml2argvtest.c | 12 ++++-------- 4 files changed, 5 insertions(+), 32 deletions(-) diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c index a051e5a4e8..48f6ccbf50 100644 --- a/src/qemu/qemu_command.c +++ b/src/qemu/qemu_command.c @@ -767,15 +767,9 @@ qemuBuildTLSx509BackendProps(const char *tlspath, bool verifypeer, const char *alias, const char *secalias, - virQEMUCaps *qemuCaps, + virQEMUCaps *qemuCaps G_GNUC_UNUSED, virJSONValue **propsret) { - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("tls-creds-x509 not supported in this QEMU binary= ")); - return -1; - } - if (qemuMonitorCreateObjectProps(propsret, "tls-creds-x509", alias, "s:dir", tlspath, "s:endpoint", (isListen ? "server": "= client"), diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index 9a20938417..584bf5003f 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -1406,15 +1406,11 @@ qemuDomainSecretGraphicsPrepare(virQEMUDriverConfig= *cfg, qemuDomainObjPrivate *priv, virDomainGraphicsDef *graphics) { - virQEMUCaps *qemuCaps =3D priv->qemuCaps; qemuDomainGraphicsPrivate *gfxPriv =3D QEMU_DOMAIN_GRAPHICS_PRIVATE(gr= aphics); if (graphics->type !=3D VIR_DOMAIN_GRAPHICS_TYPE_VNC) return 0; - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) - return 0; - if (!cfg->vncTLS) return 0; diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 4fc344b493..865b42f81f 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -1083,7 +1083,6 @@ qemuValidateDomainDef(const virDomainDef *def, void *parseOpaque) { virQEMUDriver *driver =3D opaque; - g_autoptr(virQEMUDriverConfig) cfg =3D virQEMUDriverGetConfig(driver); g_autoptr(virQEMUCaps) qemuCapsLocal =3D NULL; virQEMUCaps *qemuCaps =3D parseOpaque; size_t i; @@ -1218,18 +1217,6 @@ qemuValidateDomainDef(const virDomainDef *def, if (qemuValidateDomainDefConsole(def, qemuCaps) < 0) return -1; - if (cfg->vncTLS && cfg->vncTLSx509secretUUID && - !virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) { - for (i =3D 0; i < def->ngraphics; i++) { - if (def->graphics[i]->type =3D=3D VIR_DOMAIN_GRAPHICS_TYPE_VNC= ) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("encrypted VNC TLS keys are not supported= with " - "this QEMU binary")); - return -1; - } - } - } - for (i =3D 0; i < def->nsysinfo; i++) { if (qemuValidateDomainDefSysinfo(def->sysinfo[i]) < 0) return -1; diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c index c3ba9df9af..d6aeccba3f 100644 --- a/tests/qemuxml2argvtest.c +++ b/tests/qemuxml2argvtest.c @@ -1660,22 +1660,18 @@ mymain(void) QEMU_CAPS_DEVICE_ISA_SERIAL); driver.config->chardevTLS =3D 1; DO_TEST("serial-tcp-tlsx509-chardev", - QEMU_CAPS_DEVICE_ISA_SERIAL, - QEMU_CAPS_OBJECT_TLS_CREDS_X509); + QEMU_CAPS_DEVICE_ISA_SERIAL); driver.config->chardevTLSx509verify =3D 1; DO_TEST("serial-tcp-tlsx509-chardev-verify", - QEMU_CAPS_DEVICE_ISA_SERIAL, - QEMU_CAPS_OBJECT_TLS_CREDS_X509); + QEMU_CAPS_DEVICE_ISA_SERIAL); driver.config->chardevTLSx509verify =3D 0; DO_TEST("serial-tcp-tlsx509-chardev-notls", - QEMU_CAPS_DEVICE_ISA_SERIAL, - QEMU_CAPS_OBJECT_TLS_CREDS_X509); + QEMU_CAPS_DEVICE_ISA_SERIAL); VIR_FREE(driver.config->chardevTLSx509certdir); driver.config->chardevTLSx509certdir =3D g_strdup("/etc/pki/libvirt-ch= ardev"); driver.config->chardevTLSx509secretUUID =3D g_strdup("6fd3f62d-9fe7-4a= 4e-a869-7acd6376d8ea"); DO_TEST("serial-tcp-tlsx509-secret-chardev", - QEMU_CAPS_DEVICE_ISA_SERIAL, - QEMU_CAPS_OBJECT_TLS_CREDS_X509); + QEMU_CAPS_DEVICE_ISA_SERIAL); driver.config->chardevTLS =3D 0; VIR_FREE(driver.config->chardevTLSx509certdir); DO_TEST("serial-many-chardev", --=20 2.31.1