From 549657f96937eee9d31a44f9cb202bd61a4ce99d Mon Sep 17 00:00:00 2001

Message-Id: <549657f96937eee9d31a44f9cb202bd61a4ce99d@dist-git>

From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>

Date: Tue, 28 Aug 2018 12:46:45 +0200

Subject: [PATCH] qemu: vnc: switch to tls-creds-x509

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

The tls, x509 and x509verify options were deprecated in QEMU v2.5.0:

commit 3e305e4a4752f70c0b5c3cf5b43ec957881714f7

Author:     Daniel P. Berrange <berrange@redhat.com>

    ui: convert VNC server to use QCryptoTLSSession

Use the tls-creds-x509 object when available.

https://bugzilla.redhat.com/show_bug.cgi?id=1598167

Signed-off-by: Ján Tomko <jtomko@redhat.com>

(cherry picked from commit 17f50c82600c11c0ebcb4fc944b3f38b8e06bcdb)

Signed-off-by: Ján Tomko <jtomko@redhat.com>

https: //bugzilla.redhat.com/show_bug.cgi?id=1598167

Reviewed-by: Erik Skultety <eskultet@redhat.com>

---

 src/qemu/qemu_command.c                       | 26 ++++++++++++++-----

 .../graphics-vnc-tls.x86_64-latest.args       |  4 ++-

 2 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c

index f2b64ed720..5c71abab96 100644

--- a/src/qemu/qemu_command.c

+++ b/src/qemu/qemu_command.c

@@ -7892,13 +7892,27 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,

         virBufferAddLit(&opt, ",password");

     if (cfg->vncTLS) {

-        virBufferAddLit(&opt, ",tls");

-        if (cfg->vncTLSx509verify) {

-            virBufferAddLit(&opt, ",x509verify=");

-            virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);

+        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_TLS_CREDS_X509)) {

+            const char *alias = "vnc-tls-creds0";

+            if (qemuBuildTLSx509CommandLine(cmd,

+                                            cfg->vncTLSx509certdir,

+                                            true,

+                                            cfg->vncTLSx509verify,

+                                            NULL,

+                                            alias,

+                                            qemuCaps) < 0)

+                goto error;

+

+            virBufferAsprintf(&opt, ",tls-creds=%s", alias);

         } else {

-            virBufferAddLit(&opt, ",x509=");

-            virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);

+            virBufferAddLit(&opt, ",tls");

+            if (cfg->vncTLSx509verify) {

+                virBufferAddLit(&opt, ",x509verify=");

+                virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);

+            } else {

+                virBufferAddLit(&opt, ",x509=");

+                virQEMUBuildBufferEscapeComma(&opt, cfg->vncTLSx509certdir);

+            }

         }

     }

diff --git a/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args b/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args

index 01743eff2a..97775fad42 100644

--- a/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args

+++ b/tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args

@@ -24,7 +24,9 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \

 -no-acpi \

 -boot strict=on \

 -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 \

--vnc 127.0.0.1:3,tls,x509verify=/etc/pki/libvirt-vnc,sasl \

+-object tls-creds-x509,id=vnc-tls-creds0,dir=/etc/pki/libvirt-vnc,\

+endpoint=server,verify-peer=yes \

+-vnc 127.0.0.1:3,tls-creds=vnc-tls-creds0,sasl \

 -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 \

 -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,\

 resourcecontrol=deny \

-- 

2.18.0