Go to file
Daniel P. Berrange 3e305e4a47 ui: convert VNC server to use QCryptoTLSSession
Switch VNC server over to using the QCryptoTLSSession object
for the TLS session. This removes the direct use of gnutls
from the VNC server code. It also removes most knowledge
about TLS certificate handling from the VNC server code.
This has the nice effect that all the CONFIG_VNC_TLS
conditionals go away and the user gets an actual error
message when requesting TLS instead of it being silently
ignored.

With this change, the existing configuration options for
enabling TLS with -vnc are deprecated.

Old syntax for anon-DH credentials:

  -vnc hostname:0,tls

New syntax:

  -object tls-creds-anon,id=tls0,endpoint=server \
  -vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, no client certs:

  -vnc hostname:0,tls,x509=/path/to/certs

New syntax:

  -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=no \
  -vnc hostname:0,tls-creds=tls0

Old syntax for x509 credentials, requiring client certs:

  -vnc hostname:0,tls,x509verify=/path/to/certs

New syntax:

  -object tls-creds-x509,id=tls0,dir=/path/to/certs,endpoint=server,verify-peer=yes \
  -vnc hostname:0,tls-creds=tls0

This aligns VNC with the way TLS credentials are to be
configured in the future for chardev, nbd and migration
backends. It also has the benefit that the same TLS
credentials can be shared across multiple VNC server
instances, if desired.

If someone uses the deprecated syntax, it will internally
result in the creation of a 'tls-creds' object with an ID
based on the VNC server ID. This allows backwards compat
with the CLI syntax, while still deleting all the original
TLS code from the VNC server.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15 15:20:55 +01:00
audio ossaudio: fix memory leak 2015-07-08 13:11:01 +02:00
backends baum: Fix build with debugging enabled 2015-09-11 10:21:38 +03:00
block Block layer patches (v2) 2015-09-14 18:51:09 +01:00
bsd-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
crypto crypto: introduce new module for handling TLS sessions 2015-09-15 15:07:43 +01:00
default-configs virtio-vga: enable for i386 2015-09-11 12:18:37 +03:00
disas typofixes - v4 2015-09-11 10:45:43 +03:00
docs qapi: allow override of default enum prefix naming 2015-09-15 10:59:28 +01:00
dtc@65cc4d2748 dtc: Update dtc / libfdt submodule to version 1.4.0 2015-06-03 23:56:49 +02:00
fpu target-s390x: define default NaN values 2015-06-05 01:37:58 +02:00
fsdev maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
gdb-xml s390x/gdb: support reading/writing of control registers 2015-09-07 16:10:43 +02:00
hw * Support for jemalloc 2015-09-14 16:13:16 +01:00
include crypto: introduce new module for handling TLS sessions 2015-09-15 15:07:43 +01:00
libcacard typofixes - v4 2015-09-11 10:45:43 +03:00
libdecnumber typofixes - v4 2015-09-11 10:45:43 +03:00
linux-headers linux-headers: Update to 4.2-rc1 2015-07-06 17:59:01 +02:00
linux-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
migration maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
net trivial: remove trailing newline from error_report 2015-09-11 10:21:38 +03:00
pc-bios pc-bios/s390-ccw: rebuild image 2015-09-07 16:10:43 +02:00
pixman@87eea99e44 pixman: update internal copy to pixman-0.32.6 2014-09-15 08:14:19 +02:00
po Update language files for QEMU 2.4.0 2015-09-11 10:21:38 +03:00
qapi crypto: introduce new base module for TLS credentials 2015-09-15 14:47:37 +01:00
qga typofixes - v4 2015-09-11 10:45:43 +03:00
qobject Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qom qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
roms pseries: Update SLOF firmware image to qemu-slof-20150429 2015-07-07 17:44:49 +02:00
scripts qapi: allow override of default enum prefix naming 2015-09-15 10:59:28 +01:00
slirp qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
stubs main-loop: introduce qemu_mutex_iothread_locked 2015-07-01 15:45:50 +02:00
target-alpha tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-arm target-arm: Add VMPIDR_EL2 2015-09-14 14:39:51 +01:00
target-cris tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-lm32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-m68k tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-microblaze tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-mips tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-moxie tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-openrisc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-ppc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-s390x * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-sh4 sh4-next: 2015-09-14 10:46:38 +01:00
target-sparc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-tricore tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-unicore32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-xtensa tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
tcg * Support for jemalloc 2015-09-14 16:13:16 +01:00
tests crypto: introduce new module for handling TLS sessions 2015-09-15 15:07:43 +01:00
trace Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
ui ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
util * Support for jemalloc 2015-09-14 16:13:16 +01:00
.exrc
.gitignore qemu-ga: Add .msi files to .gitignore 2015-09-01 11:07:08 -05:00
.gitmodules PPC: Add u-boot firmware for e500 2014-06-16 13:24:35 +02:00
.mailmap Update mailmap 2013-09-05 09:40:31 -05:00
.travis.yml .travis.yml: Add "--enable-modules" 2015-01-26 12:27:05 +01:00
accel.c accel: Create accel object when initializing machine 2014-10-09 15:36:14 +02:00
aio-posix.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
aio-win32.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
arch_init.c smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00
async.c AioContext: force event loop iteration using BH 2015-07-29 10:02:06 +01:00
balloon.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
block.c block: Allow specifying driver-specific options to reopen 2015-09-14 16:51:36 +02:00
blockdev-nbd.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
blockdev.c block: Drop drv parameter from bdrv_open() 2015-09-14 16:51:36 +02:00
blockjob.c blockjob: add block_job_release function 2015-07-07 14:27:14 +01:00
bootdevice.c misc: fix typos in copyright declaration 2015-03-26 14:21:43 +01:00
bt-host.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
bt-vhci.c sysemu: avoid proliferation of include/ subdirectories 2013-04-15 18:19:25 +02:00
Changelog Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
CODING_STYLE CODING_STYLE: update mixed declaration rules 2015-09-09 15:34:54 +02:00
configure ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
COPYING
COPYING.LIB
coroutine-gthread.c glib-compat.h: add new thread API emulation on top of pre-2.31 API 2014-06-10 07:44:01 +02:00
coroutine-sigaltstack.c coroutine-sigaltstack: Change jmp_buf to sigjmp_buf 2014-11-11 11:07:55 +03:00
coroutine-ucontext.c coroutine-ucontext: use __thread 2015-01-13 13:43:28 +00:00
coroutine-win32.c coroutine-win32.c: Add noinline attribute to work around gcc bug 2014-06-26 14:08:14 +01:00
cpu-exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
cpus.c cpus: remove tcg_halt_cond and tcg_cpu_thread globals 2015-09-09 15:34:55 +02:00
cputlb.c tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
device_tree.c device_tree: Fix a typo 2015-07-27 22:44:47 +03:00
device-hotplug.c pci-hotplug-old: Has been dead for five major releases, bury 2015-03-01 12:37:54 +01:00
disas.c disas: Defeature print_target_address 2015-08-14 23:40:32 +02:00
dma-helpers.c range: remove useless inclusions 2015-04-30 16:05:48 +03:00
dump.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
gdbstub.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
HACKING HACKING: Document vaddr type usage 2013-07-23 02:41:31 +02:00
hmp-commands.hx hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.h hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
iohandler.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
ioport.c - miscellaneous cleanups for TCG (Emilio) and NBD (Bogdan) 2015-04-30 12:04:11 +01:00
iothread.c rcu: actually register threads that have RCU read-side critical sections 2015-07-24 13:57:45 +02:00
kvm-all.c s390x/kvm: make setting of in-kernel irq routes more efficient 2015-09-07 16:10:43 +02:00
kvm-stub.c kvm: some fixes to kvm_resamplefds_allowed 2015-07-06 12:15:14 -06:00
LICENSE vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00
main-loop.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
MAINTAINERS First batch of s390x patches for 2.5: 2015-09-03 14:33:03 +01:00
Makefile qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
Makefile.objs qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
Makefile.target qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
memory_mapping.c memory_mapping: Rework cpu related includes 2015-06-26 16:00:50 +02:00
memory.c Merge memory_region_init_reservation() into memory_region_init_io() 2015-08-13 11:26:21 +01:00
module-common.c module: implement module loading 2014-02-20 13:14:18 +01:00
monitor.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
nbd.c qemu-nbd: only send a limited number of errno codes on the wire 2015-05-08 14:45:11 +02:00
numa.c maint: remove double semicolons in many files 2015-09-11 10:21:38 +03:00
os-posix.c rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
os-win32.c maint: remove unused include for signal.h 2015-09-11 10:21:38 +03:00
page_cache.c maint: remove unused include for strings.h 2015-09-11 10:21:38 +03:00
qapi-schema.json crypto: introduce new base module for TLS credentials 2015-09-15 14:47:37 +01:00
qdev-monitor.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qdict-test-data.txt
qemu-bridge-helper.c qemu-bridge-helper: Fix fd leak in main() 2014-06-27 10:39:10 +02:00
qemu-char.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
qemu-coroutine-io.c coroutine-io: Return -errno in case of error 2015-03-18 12:07:21 +01:00
qemu-coroutine-lock.c coroutine: remove unnecessary parentheses in qemu_co_queue_empty 2015-04-30 16:05:49 +03:00
qemu-coroutine-sleep.c coroutine: Drop co_sleep_ns 2014-08-29 10:46:58 +01:00
qemu-coroutine.c coroutine: Clean up qemu_coroutine_enter() 2015-03-09 11:11:59 +01:00
qemu-doc.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-ga.texi qga: start a man page 2015-09-01 13:16:26 -05:00
qemu-img-cmds.hx qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-img.c qemu-img: Fix crash in amend invocation 2015-09-04 20:59:48 +02:00
qemu-img.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-io-cmds.c qemu-io: Add command 'reopen' 2015-09-14 16:51:36 +02:00
qemu-io.c qemu-io: Remove duplicate 'open' error message 2015-09-14 16:51:36 +02:00
qemu-log.c qemu-log: Correct help text of 'log cpu_reset' 2015-02-10 09:27:20 +03:00
qemu-nbd.c Trivial: fix commandline help message 2015-09-11 10:21:38 +03:00
qemu-nbd.texi nbd: Miscellaneous typo fixes. 2014-05-24 00:07:29 +04:00
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx ui: convert VNC server to use QCryptoTLSSession 2015-09-15 15:20:55 +01:00
qemu-seccomp.c seccomp: add mlockall to whitelist 2015-01-23 14:07:08 +01:00
qemu-tech.texi qemu-doc: fix typos 2015-07-24 13:57:45 +02:00
qemu-timer.c qemu-timer: initialize "timers_done_ev" to set 2015-07-22 12:41:32 +01:00
qemu.nsi nsis: Improved support for parallel installation of 32 and 64 bit code 2013-11-07 07:02:44 +01:00
qemu.sasl sasl: Avoid 'Could not find keytab file' in syslog 2014-03-15 13:54:18 +04:00
qjson.c QJSON: Use OBJECT_CHECK 2015-05-11 08:59:07 -04:00
qmp-commands.hx s390x: Dump storage keys qmp command 2015-09-03 12:17:54 +02:00
qmp.c qmp: Add example usage of strto*l() qemu wrapper 2015-09-09 15:34:54 +02:00
qtest.c qtest: pre-buffer hex nibs 2015-05-22 15:58:22 -04:00
README Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
rules.mak make: load only required dependency files. 2015-08-13 14:08:25 +03:00
softmmu_template.h softmmu: remove now unused functions 2015-09-11 08:16:05 -07:00
spice-qemu-char.c spice: fix spice_chr_add_watch() pre-condition 2015-05-29 09:56:01 +02:00
tcg-runtime.c tcg: Push tcg-runtime routines into exec/helper-* 2014-05-28 09:33:54 -07:00
tci.c tcg: implement real ext_i32_i64 and extu_i32_i64 ops 2015-08-24 11:10:54 -07:00
thread-pool.c thread-pool: clean up thread_pool_completion_bh() 2015-04-28 15:36:09 +02:00
thunk.c linux-user: Allocate thunk size dynamically 2015-06-15 11:36:58 +03:00
tpm.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
trace-events crypto: introduce new module for handling TLS sessions 2015-09-15 15:07:43 +01:00
translate-all.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
translate-all.h translate-all: remove unnecessary argument to tb_invalidate_phys_range 2015-06-05 17:09:59 +02:00
user-exec.c osdep.h: Remove qemu_printf 2015-08-19 16:29:53 +01:00
VERSION Open 2.5 development tree 2015-08-11 23:15:55 +01:00
version.rc Use qemu-project.org domain name 2013-10-11 09:34:56 -07:00
vl.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
xen-common-stub.c accel: Move Xen registration code to xen-common.c 2014-10-04 08:59:15 +02:00
xen-common.c migration: Fix regression for xenfv and pc,accel=xen machine. 2015-08-03 16:13:40 +00:00
xen-hvm-stub.c pc: Remove redundant arguments from xen_hvm_init() 2015-09-10 11:05:40 +03:00
xen-hvm.c xen-2015-09-10 2015-09-10 18:25:52 +01:00
xen-mapcache.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team