On Di, 2015-03-17 at 10:33 +0000, Daniel P. Berrange wrote: > On Tue, Mar 17, 2015 at 08:36:40AM +0100, Gerd Hoffmann wrote: > > Hi, > > > > > - Separate VNC auth scheme is tracked for websockets server, > > > since it makes no sense to try to use VeNCrypt over a TLS > > > enabled websockets connection. > > > > Hmm. That is a problem for the QAPI, the auth scheme is linked to the > > vnc server not the socket. > > It seems straightforward enough to just do this: > > diff --git a/qapi-schema.json b/qapi-schema.json > index d7c3eec..3362956 100644 > --- a/qapi-schema.json > +++ b/qapi-schema.json > @@ -808,6 +808,7 @@ > 'clients' : ['VncClientInfo'], > 'auth' : 'VncPrimaryAuth', > '*vencrypt' : 'VncVencryptSubAuth', > + '*ws-auth' : 'VncPrimaryAuth', > '*display' : 'str' } } > > And document that 'ws-auth' is used if server->websocket == true
When doing it this way we probably want add '*ws-tls' : 'bool' too. I'm fine either way (adding both or -- given the fixed scheme mapping we have -- none). Pick whatever suits libvirt best. cheers, Gerd
