Copying my comments
(https://bugzilla.redhat.com/show_bug.cgi?id=790436#c8) here as
requested:
===
(In reply to comment #6)
mode='insecure' - don't bother with security
By this, you mean plaintext-only setting, or
On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
Meta-question - if the XML requests secure, but TLS is disabled, should
we instead be failing to start the domain with a complaint that we can't
honor the XML?
Meta-non-answer, when a TLS port is set but TLS is disabled in the config
On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote:
On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
Meta-question - if the XML requests secure, but TLS is disabled, should
we instead be failing to start the domain with a complaint that we can't
honor the XML?
On Wed, Feb 15, 2012 at 09:59:57AM -0500, Dave Allan wrote:
On Wed, Feb 15, 2012 at 10:08:24AM +0100, Christophe Fergeau wrote:
On Tue, Feb 14, 2012 at 02:10:37PM -0700, Eric Blake wrote:
Meta-question - if the XML requests secure, but TLS is disabled, should
we instead be failing to
On Wed, Feb 15, 2012 at 03:10:47PM +, Daniel P. Berrange wrote:
It enables you to turn on TLS for all guests, regardless of the
domain XML configuration, which is a desirable policy control
knob for a host level administrator to have.
I'm under the impression that it's doing the opposite
On 02/15/2012 09:36 AM, Christophe Fergeau wrote:
On Wed, Feb 15, 2012 at 03:10:47PM +, Daniel P. Berrange wrote:
It enables you to turn on TLS for all guests, regardless of the
domain XML configuration, which is a desirable policy control
knob for a host level administrator to have.
It's possible to disable SPICE TLS in qemu.conf. When this happens,
libvirt ignores any SPICE TLS port or x509 directory that may have
been set when it builds the qemu command line to use. However, it's
not ignoring the secure channels that may have been set and adds
tls-channel arguments to qemu
On 02/14/2012 11:04 AM, Christophe Fergeau wrote:
It's possible to disable SPICE TLS in qemu.conf. When this happens,
libvirt ignores any SPICE TLS port or x509 directory that may have
been set when it builds the qemu command line to use. However, it's
not ignoring the secure channels that may