[...] >>>> >>>> static int >>>> +qemuDomainAddDiskSrcTLSObject(virQEMUDriverPtr driver, >>>> + virDomainObjPtr vm, >>>> + virStorageSourcePtr src, >>>> + const char *srcalias) >>>> +{ >>>> + int ret = -1; >>>> + qemuDomainObjPrivatePtr priv = vm->privateData; >>>> + virJSONValuePtr tlsProps = NULL; >>>> + >>>> + /* NB: Initial implementation doesn't require/use a secret to decrypt >>>> + * a server certificate, so there's no need to manage a tlsSecAlias
>>>
>>> client certificate
>>>
>>
>> No it's the server certificate (server-key.pem) that needs the secret in
>> order to be decrypted.
>
> I think both can be encrypted. What I wanted to point out is that it
> does not make sense to refer to the server certificate in terms of disks
> since they are clients only.
>

True - I'll just the whole paragraph. It's one of those traces I leave
in code comments for later on...

John
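
Review bot: the NB comment at the top of qemuDomainAddDiskSrcTLSObject() explains the missing tlsSecAlias handling in terms of decrypting "a server certificate", which reads oddly in a function that sets up TLS for a disk source, and the replies in this thread disagree on whether it should say client or server. The visible lines only need to record that no secret is used and therefore no tlsSecAlias is managed, so either drop the comment or reword it without naming a side. If it stays as a marker for later work, make that explicit (for example as a TODO stating what is not yet supported) rather than leaving it as an informal trace.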