[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC ser
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server |
Date: |
Tue, 8 Sep 2015 12:04:11 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.1.0 |
On 02/09/2015 13:17, Daniel P. Berrange wrote:
> This small patch series is a formal submission of another part
> of my previous series
>
> v1: https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
> v2: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01267.html
> v3: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01386.html
> v4: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02655.html
> v5: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03159.html
>
> Now we have the basic crypto module defined for hash/cipher APIs,
> we extend it to also cover TLS credential and TLS session handling
> APIs. These new TLS related APIs obsolete the vast majority of the
> TLS handling code in the current VNC server. As a result the VNC
> server no longer has to worry about conditional compilation for
> GNUTLS. It also gives us code reuse for future patches which intend
> to add TLS support to chardevs, migration, nbd, etc.
>
> This series deprecates the existing way of configuring TLS for
> VNC on the command line, but maintains support for back-compat
> reasons.
>
> Since the TLS code is now totally isolated from the VNC server it
> is also practical to provide significant unit test coverage of what
> is security critical code.
>
> Aside from the new CLI syntax for configuring TLS with VNC, the
> only other functional change is to allow diffie-hellman params
> to be loaded from a file, instead of being generated at startup.
>
> Changes in v6:
>
> - Remove use of -Wl,--whole-archive added in v5 since it
> bloated the binary sizes too much
> - Move crypto code out of libqemuutil.a to allow linking
> with QOM without problem of linker dropping objects only
> referenced via constructors
> - Allow tools to link to QOM objects
> - Remove repetition in unit test object deps
> - Remove trailing '.' from error messages in TLS code
> - Remove leading '_' from struct name in TLS session
> - Fix leak of TLS credentials in cert checking error path
> - Added docs for enhancement to enum code generator
> - Misc docs typos & indentation fixes
> - Add more sanity checking to enum code generator
> - Add tests to cover enum code generator enhancement
> - Fix dereference of Error **errp variables
> - Fix overwriting of already set Error * variable in tests
> - Use CHAR_BIT constant in sasl code
> - Fix incorrect return status in VNC TLS code errorpath
I think the patches are great, and I'm not sure if anyone is in a better
position than you to decide if they're ready. I don't even know if
anyone really understands the VNC TLS code and thus can review patch 11.
:) So I would just ask you to send a pull request.
Paolo
- [Qemu-devel] [PATCH v6 02/11] tests: remove repetition in unit test object deps, (continued)
- [Qemu-devel] [PATCH v6 02/11] tests: remove repetition in unit test object deps, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 03/11] crypto: move crypto objects out of libqemuutil.la, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 04/11] qom: allow QOM to be linked into tools binaries, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 05/11] crypto: introduce new base module for TLS credentials, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 06/11] crypto: introduce new module for TLS anonymous credentials, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 07/11] crypto: introduce new module for TLS x509 credentials, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 10/11] ui: fix return type for VNC I/O functions to be ssize_t, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 09/11] crypto: introduce new module for handling TLS sessions, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 11/11] ui: convert VNC server to use QCryptoTLSSession, Daniel P. Berrange, 2015/09/02
- [Qemu-devel] [PATCH v6 08/11] crypto: add sanity checking of TLS x509 credentials, Daniel P. Berrange, 2015/09/02
- Re: [Qemu-devel] [PATCH v6 00/11] Extract TLS handling code from VNC server,
Paolo Bonzini <=