mirror of
https://github.com/qemu/qemu.git
synced 2024-11-25 11:53:39 +08:00
1d7b5b4afd
Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.
# printf "123456" > mypasswd.txt
# $QEMU \
-object secret,id=sec0,filename=mypasswd.txt \
-object tls-creds-x509,passwordid=sec0,id=creds0,\
dir=/home/berrange/.pki/qemu,endpoint=server \
-vnc :1,tls-creds=creds0
This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
||
|---|---|---|
| .. | ||
| aes.c | ||
| cipher-builtin.c | ||
| cipher-gcrypt.c | ||
| cipher-nettle.c | ||
| cipher.c | ||
| desrfb.c | ||
| hash.c | ||
| init.c | ||
| Makefile.objs | ||
| secret.c | ||
| tlscreds.c | ||
| tlscredsanon.c | ||
| tlscredspriv.h | ||
| tlscredsx509.c | ||
| tlssession.c | ||