On 02/09/2015 13:17, Daniel P. Berrange wrote:
> This small patch series is a formal submission of another part
> of my previous series
>
> v1: https://lists.gnu.org/archive/html/qemu-devel/2015-04/msg02038.html
> v2: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01267.html
> v3: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg01386.html
> v4: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02655.html
> v5: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg03159.html
>
> Now we have the basic crypto module defined for hash/cipher APIs,
> we extend it to also cover TLS credential and TLS session handling
> APIs. These new TLS related APIs obsolete the vast majority of the
> TLS handling code in the current VNC server. As a result the VNC
> server no longer has to worry about conditional compilation for
> GNUTLS. It also gives us code reuse for future patches which intend
> to add TLS support to chardevs, migration, nbd, etc.
>
> This series deprecates the existing way of configuring TLS for
> VNC on the command line, but maintains support for back-compat
> reasons.
>
> Since the TLS code is now totally isolated from the VNC server it
> is also practical to provide significant unit test coverage of what
> is security critical code.
>
> Aside from the new CLI syntax for configuring TLS with VNC, the
> only other functional change is to allow Diffie-Hellman params
> to be loaded from a file, instead of being generated at startup.
>
> Changes in v6:
>
>  - Remove use of -Wl,--whole-archive added in v5 since it
>    bloated the binary sizes too much
>  - Move crypto code out of libqemuutil.a to allow linking
>    with QOM without problem of linker dropping objects only
>    referenced via constructors
>  - Allow tools to link to QOM objects
>  - Remove repetition in unit test object deps
>  - Remove trailing '.' from error messages in TLS code
>  - Remove leading '_' from struct name in TLS session
>  - Fix leak of TLS credentials in cert checking error path
>  - Added docs for enhancement to enum code generator
>  - Misc docs typos & indentation fixes
>  - Add more sanity checking to enum code generator
>  - Add tests to cover enum code generator enhancement
>  - Fix dereference of Error **errp variables
>  - Fix overwriting of already set Error * variable in tests
>  - Use CHAR_BIT constant in sasl code
>  - Fix incorrect return status in VNC TLS code error path
I think the patches are great, and I'm not sure if anyone is in a better position than you to decide if they're ready. I don't even know if anyone really understands the VNC TLS code and thus can review patch 11. :) So I would just ask you to send a pull request.

Paolo