Re: [Qemu-devel] [PATCH 1/1] chardev: add support for authorization for
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 1/1] chardev: add support for authorization for TLS clients
Date: Thu, 7 Mar 2019 13:00:05 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.1
On 3/7/19 12:51 PM, Marc-André Lureau wrote:
> Hi
>
>> +++ b/qapi/char.json
>> @@ -248,6 +248,11 @@
>> # @addr: socket address to listen on (server=true)
>> # or connect to (server=false)
>> # @tls-creds: the ID of the TLS credentials object (since 2.6)
>> +# @tls-authz: the ID of the QAuthZ authorization object against which
>> +# the client's x509 distinguished name will validated. This
>
> will be? (not a native speaker, but sounds weird to me)
Yes, 'be' is missing.
>> @@ -2568,6 +2568,11 @@ and specifies the id of the TLS credentials to use
>> for the handshake. The
>> credentials must be previously created with the @option{-object tls-creds}
>> argument.
>>
>> address@hidden provides the ID of the QAuthZ authorization object against
>> +which the client's x509 distinguished name will validated. This object is
>> only
>
> same
>
>> +resolved at time of use, so can be deleted and recreated on the fly while
>> the
>> +chardev server is active. If missing, it will default to denying access.
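Review bot: The closing sentence of the added tls-authz paragraph, "If missing, it will default to denying access", does not say what is missing: the tls-authz option itself, or the QAuthZ object that the ID refers to. The preceding sentence says the object is only resolved at time of use and can be deleted and recreated while the chardev server is active, so both readings are plausible, and an administrator needs to know which one results in clients being refused. Suggest naming the subject explicitly, for example "If no object with this ID exists at time of use, access is denied" if that is the intended meaning, and stating separately what happens when the option is not given at all.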
>
> Why not have "(since 4.0)" here?
We haven't been using it in .hx doc anywhere else (which in turn feeds
the man page and online documentation); only the QMP descriptions have
used the tag. Uniformly using it in the .hx file might make sense, but
as a much bigger cleanup task separate from this patch that just
preserves existing style.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org