Daniel P. Berrange wrote:
On Mon, Feb 19, 2007 at 06:37:39PM -0500, Christopher Olsen wrote:
On Monday 19 February 2007 17:52, Fabrice Bellard wrote:
On the technical side, adding OpenSSL support in the current VNC
implementation in QEMU seems easy (OpenSSL has a non-blocking API which
can be used with the current callback API).

Fabrice.

Good call... Let me look into that.

Actually OpenSSL has some potential licensing issues when combined with
GPL code so I'd avoid it. The GNU TLS library, however, is just as easy
to integrate into existing programs - I've modified a number of apps to
use it very successfully.  Or if you want support for all manner of
crypto key management hardware devices, there's also Mozilla NSS libraries.
All support non-blocking APIs, so aside from the extra code to do the TLS
handshake and key verification, there's little modification needed to
the main codebase - e.g. for GNU TLS once handshake is complete you can
simply replace read()/write() calls with gnutls_read() / gnutls_write().

While this is all well and good, there is still the fundamental problem of how does one associate credentials with a VM. The actual security mechanism is, IMHO, just an implementation detail.

Regards,

Anthony Liguori

Regards,
Dan.

[1] http://lists.debian.org/debian-legal/2004/05/msg00595.html
    http://www.gnome.org/~markmc/openssl-and-the-gpl.html



_______________________________________________
Qemu-devel mailing list
Qemu-devel@nongnu.org
http://lists.nongnu.org/mailman/listinfo/qemu-devel
