The original descirption for *_tls_x509_verify is a little misleading by saying that "Enabling this option will reject any client who does not have a ca-cert.pem certificate". Signed-off-by: Fangge Jin <fjin@xxxxxxxxxx> --- src/qemu/qemu.conf | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index a96bedb114..b1bd3cecbd 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -109,9 +109,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the vnc_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the vnc_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". @@ -248,9 +247,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the chardev_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the chardev_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". @@ -375,9 +373,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the migrate_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". @@ -412,9 +409,8 @@ # issuing an x509 certificate to every client who needs to connect. # # Enabling this option will reject any client that does not have a -# ca-cert.pem certificate signed by the CA in the backup_tls_x509_cert_dir -# (or default_tls_x509_cert_dir) as well as the corresponding client-*.pem -# files described in default_tls_x509_cert_dir. +# certificate(as described in default_tls_x509_verify) signed by the +# CA in the backup_tls_x509_cert_dir (or default_tls_x509_cert_dir). # # If this option is not supplied, it will be set to the value of # "default_tls_x509_verify". -- 2.20.1