On 11/13/20 9:01 AM, Peter Krempa wrote: > The migration stream connection and also the NBD server for non-shared > storage migration don't have any other form of client authentication on > top of the TLS transport, so the only way to authenticate clients is to > verify their certificate. > > Enable this option by default when both 'migrate_tls_x509_verify' and > 'default_tls_x509_verify' were not configured. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1879477 > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> > --- > src/qemu/qemu.conf | 3 ++- > src/qemu/qemu_conf.c | 2 +- > 2 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf > index 8a1a50d664..d621dad53b 100644 > --- a/src/qemu/qemu.conf > +++ b/src/qemu/qemu.conf > @@ -385,7 +385,8 @@ > # CA in the migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir). > # > # If this option is not supplied, it will be set to the value of > -# "default_tls_x509_verify". > +# "default_tls_x509_verify". If "default_tls_x509_verify" is not supplied > +# either the default is "1". s/either/either,/ Reviewed-by: Eric Blake <eblake@xxxxxxxxxx> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
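Review bot: the two added comment lines in the qemu.conf hunk (@@ -385,7 +385,8 @@) state the new default of "1" but do not tell the administrator what that default requires. A host that sets neither "migrate_tls_x509_verify" nor "default_tls_x509_verify" now verifies client certificates against the CA in migrate_tls_x509_cert_dir (or default_tls_x509_cert_dir), as the context line above describes, where before it followed whatever "default_tls_x509_verify" resolved to. Consider adding one sentence to the comment saying that the peer must present a certificate signed by that CA when neither option is set, so the change in behaviour is visible from the config file itself. The diffstat also lists src/qemu/qemu_conf.c, but that hunk is not in the quoted text, so the comment's 'the default is "1"' cannot be checked against the code from here.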