2011/1/8 Justin Clift <jclift@xxxxxxxxxx>: > Hi guys, > > Created the windows libvirt 0.8.7 installer using Matthias's updated scripting: > > Âhttp://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-0.exe > > Does someone have time to test and confirm it's ok, before we point to it from > the website? > > Arnaud, this version of the installer adds the virsh bin directory to the system PATH > variable. ÂSo I'm thinking don't need to copy the libvirt dll's around, when using > your C# bindings. > > If you've have time to test that, it would be great. ÂCould then update the web page > with that info. :) > > Regards and best wishes, > > Justin Clift The readme suggests (at least to me) that the TLS certs for libvirt's TLS transport and the ESX driver using HTTPS are the same: "TLS certificates are needed prior to connecting to either QEMU instances with TLS, or connecting to VMware ESX/vSphere." Yes, the ESX driver (actually libcurl) needs to know the cacert.pem for the key that signed the HTTPS certificate in order to verify the server's certificate. That's what you can disable using the no_verify=1 query parameter. But HTTPS doesn't do mutual verification as libvirt's TLS transport does. There is no clientcert/key.pem involved in HTTPS. The ESX driver could tell libcurl to add libvirt's cacert.pem to the certificate pool that libcurl uses to verify the HTTPS certificate. Currently it doesn't do this and libcurl just uses the common certificate pool provided by the OS. A while ago I tested this (generating and using a certificate set independent from libvirt ones for ESX) and it worked on Ubuntu. I didn't test this on Windows yet, but I've added this to my todo list now. Another thing is that the installer adds the bin directory to the path unconditionally. I'd suggest to ask to let the user choose this, for example like the msysGit InnoSetup-based installer does. The rest looks good :) Matthias -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list