| author | Daniel P. Berrange | 2015-10-15 17:14:42 +0200 |
|---|---|---|
| committer | Daniel P. Berrange | 2015-12-18 17:25:08 +0100 |
| commit | 1d7b5b4afdcd76e24ec3678d5418b29d4ff06ad9 (patch) | |
| tree | 403fca6a61c6ea4bac307c08434b0f0df1ea4b27 /include | |
| parent | crypto: add QCryptoSecret object class for password/key handling (diff) | |
crypto: add support for loading encrypted x509 keys

Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.

    # printf "123456" > mypasswd.txt
    # $QEMU \
    -object secret,id=sec0,filename=mypasswd.txt \
    -object tls-creds-x509,passwordid=sec0,id=creds0,\
    dir=/home/berrange/.pki/qemu,endpoint=server \
    -vnc :1,tls-creds=creds0

This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/tlscredsx509.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h index b9785fddcf..25796d7de4 100644 --- a/include/crypto/tlscredsx509.h +++ b/include/crypto/tlscredsx509.h @@ -101,6 +101,7 @@ struct QCryptoTLSCredsX509 { gnutls_certificate_credentials_t data; #endif bool sanityCheck; + char *passwordid; }; |
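
Review bot: The new `char *passwordid;` member at the end of `struct QCryptoTLSCredsX509` carries no comment saying what it holds or who owns the string. Suggest a one-line comment stating that it is the ID of the secret object that holds the PEM decryption password, not the password itself, so later readers do not treat it as sensitive material or log it as if it were harmless when it is later changed to something else. Since it is a heap pointer stored in the struct, the finalizer and the property setter need to free the previous value; neither is visible here because this view is limited to 'include', so that should be checked in the matching .c change. The member sits after the `#endif`, so it exists in builds without GNUTLS too, which fits the commit message's statement that an error is reported when a password is passed and GNUTLS is too old. Minor style point: the neighbouring field is `sanityCheck` while this one is all lowercase; if that is deliberate to match the 'passwordid' property name, a note in the comment would make it clear.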
