From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server
Date: Tue, 8 Sep 2015 12:04:11 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0


On 02/09/2015 13:17, Daniel P. Berrange wrote:
> This small patch series is a formal submission of another part
> of my previous series
> 
>  v1: https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
>  v2: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01267.html
>  v3: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01386.html
>  v4: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02655.html
>  v5: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03159.html
> 
> Now we have the basic crypto module defined for hash/cipher APIs,
> we extend it to also cover TLS credential and TLS session handling
> APIs. These new TLS related APIs obsolete the vast majority of the
> TLS handling code in the current VNC server. As a result the VNC
> server no longer has to worry about conditional compilation for
> GNUTLS. It also gives us code reuse for future patches which intend
> to add TLS support to chardevs, migration, nbd, etc.
> 
> This series deprecates the existing way of configuring TLS for
> VNC on the command line, but maintains support for back-compat
> reasons.
> 
> Since the TLS code is now totally isolated from the VNC server it
> is also practical to provide significant unit test coverage of what
> is security critical code.
> 
> Aside from the new CLI syntax for configuring TLS with VNC, the
> only other functional change is to allow Diffie-Hellman params
> to be loaded from a file, instead of being generated at startup.
> 
> Changes in v6:
> 
>  - Remove use of -Wl,--whole-archive added in v5 since it
>    bloated the binary sizes too much
>  - Move crypto code out of libqemuutil.a to allow linking
>    with QOM without problem of linker dropping objects only
>    referenced via constructors
>  - Allow tools to link to QOM objects
>  - Remove repetition in unit test object deps
>  - Remove trailing '.' from error messages in TLS code
>  - Remove leading '_' from struct name in TLS session
>  - Fix leak of TLS credentials in cert checking error path
>  - Added docs for enhancement to enum code generator
>  - Misc docs typos & indentation fixes
>  - Add more sanity checking to enum code generator
>  - Add tests to cover enum code generator enhancement
>  - Fix dereference of Error **errp variables
>  - Fix overwriting of already set Error * variable in tests
>  - Use CHAR_BIT constant in sasl code
>  - Fix incorrect return status in VNC TLS code error path

I think the patches are great, and I'm not sure if anyone is in a better
position than you to decide if they're ready.  I don't even know if
anyone really understands the VNC TLS code and thus can review patch 11.
:)  So I would just ask you to send a pull request.

Paolo