git.ipfire.org Git - thirdparty/qemu.git/commit - qemu-options.hx
crypto: add support for loading encrypted x509 keys
author Daniel P. Berrange <berrange@redhat.com>
Thu, 15 Oct 2015 15:14:42 +0000 (16:14 +0100)
committer Daniel P. Berrange <berrange@redhat.com>
Fri, 18 Dec 2015 16:25:08 +0000 (16:25 +0000)
commit 1d7b5b4afdcd76e24ec3678d5418b29d4ff06ad9
tree 403fca6a61c6ea4bac307c08434b0f0df1ea4b27
parent ac1d88784907c9603b3849b2c3043259f75ed2a5
crypto: add support for loading encrypted x509 keys

Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type provides the ID of a
secret object instance that holds the decryption password
for the PEM file.

 # printf "123456" > mypasswd.txt
 # $QEMU \
    -object secret,id=sec0,filename=mypasswd.txt \
    -object tls-creds-x509,passwordid=sec0,id=creds0,\
            dir=/home/berrange/.pki/qemu,endpoint=server \
    -vnc :1,tls-creds=creds0

This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
crypto/tlscredsx509.c
include/crypto/tlscredsx509.h
qemu-options.hx
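
A pre-flight check for the configuration shown in the commit message, as an added example that is not part of the commit or of QEMU: it confirms that the key PEM is actually stored encrypted, that the password file is not accessible to group or other, and that it does not end in a newline (the commit message writes it with `printf`). The key file name `server-key.pem` and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks before starting QEMU with
#   -object secret,id=sec0,filename=<password file>
#   -object tls-creds-x509,passwordid=sec0,dir=<creds dir>,...
# Assumption: the private key in <creds dir> is named server-key.pem.

# True if the PEM key is stored encrypted: PKCS#8 header or the
# legacy "Proc-Type: 4,ENCRYPTED" marker.
pem_key_is_encrypted() {
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
             -e '^Proc-Type: 4,ENCRYPTED' "$1"
}

# True if group and other have no permission bits on the file.
secret_is_private() {
    case "$(ls -ld -- "$1")" in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# True if the last byte of a non-empty file is a newline (0x0a).
secret_has_trailing_newline() {
    [ -s "$1" ] &&
        [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# usage: check_tls_secret <creds dir> <password file>
check_tls_secret() {
    key="$1/server-key.pem"
    rc=0
    if ! pem_key_is_encrypted "$key"; then
        echo "WARN: $key is not encrypted" >&2; rc=1
    fi
    if ! secret_is_private "$2"; then
        echo "WARN: $2 is accessible to group/other" >&2; rc=1
    fi
    if secret_has_trailing_newline "$2"; then
        echo "WARN: $2 ends in a newline" >&2; rc=1
    fi
    return "$rc"
}

# Run the checks when invoked with both arguments.
if [ "$#" -eq 2 ]; then check_tls_secret "$@"; fi
```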