Alon Bar-Lev has uploaded a new change for review. Change subject: BZ#846609: bootstrap: remove dh key generation ......................................................................
BZ#846609: bootstrap: remove dh key generation Before VDSM used libvirt, it configured qemu with spice TLS with DH key. Using DH key for TLS/SSL is encouraged, as it detach between the encryption and authentication layers. qemu supports x509-dh-key-file parameter, libvirt does not use this parameter. qemu supports x509-dir parameter, within it expects to find pre-defined structure of certificate and key material. libvirt does use this parameter. However, qemu only looks for ca, crl, cert, key, so even if we have DH key, it won't be used. Removing DH key generation. Change-Id: I820c8599516cd4c4e3bf7ad73ee2c1c6dee22c47 Signed-off-by: Alon Bar-Lev <[email protected]> --- M vds_bootstrap/vds_bootstrap.py M vdsm_reg/deployUtil.py.in M vdsm_reg/vdsm-gen-cert 3 files changed, 3 insertions(+), 11 deletions(-) git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/73/7073/1 -- To view, visit http://gerrit.ovirt.org/7073 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I820c8599516cd4c4e3bf7ad73ee2c1c6dee22c47 Gerrit-PatchSet: 1 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
