Message ID | 20171208141430.21169-1-cfergeau@redhat.com |
---|---|
State | New |
Headers | show |
Series | docs: Document -object tls-creds-x509 priority=xxx | expand |
On Fri, Dec 08, 2017 at 03:14:30PM +0100, Christophe Fergeau wrote: > This was added in 13f1243, but is missing from qemu-options.hx > > Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> > --- > qemu-options.hx | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/qemu-options.hx b/qemu-options.hx > index f11c4ac960..118784ceb7 100644 > --- a/qemu-options.hx > +++ b/qemu-options.hx > @@ -4249,7 +4249,7 @@ expensive operation that consumes random pool entropy, so it is > recommended that a persistent set of parameters be generated > upfront and saved. > > -@item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},verify-peer=@var{on|off},passwordid=@var{id} > +@item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},priority=@var{priority},verify-peer=@var{on|off},passwordid=@var{id} > > Creates a TLS anonymous credentials object, which can be used to provide > TLS support on network backends. The @option{id} parameter is a unique > @@ -4282,6 +4282,15 @@ version by providing the @var{passwordid} parameter. This provides > the ID of a previously created @code{secret} object containing the > password for decryption. > > +The @var{priority} parameter allows to override the global default > +priority used by gnutls. This can be useful if the system administrator > +needs to use a weaker set of crypto priorities for QEMU without > +potentially forcing the weakness onto all applications. Or conversely > +if one wants wants a stronger default for QEMU than for all other > +applications, they can do this through this parameter. Its format is > +a gnutls priority string as described at > +@url{https://gnutls.org/manual/html_node/Priority-Strings.html}. > + > @item -object filter-buffer,id=@var{id},netdev=@var{netdevid},interval=@var{t}[,queue=@var{all|rx|tx}][,status=@var{on|off}] > > Interval @var{t} can't be 0, this filter batches the packet delivery: all Reviewed-by: Daniel P. Berrange <berrange@redhat.com> Regards, Daniel
diff --git a/qemu-options.hx b/qemu-options.hx index f11c4ac960..118784ceb7 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -4249,7 +4249,7 @@ expensive operation that consumes random pool entropy, so it is recommended that a persistent set of parameters be generated upfront and saved. -@item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},verify-peer=@var{on|off},passwordid=@var{id} +@item -object tls-creds-x509,id=@var{id},endpoint=@var{endpoint},dir=@var{/path/to/cred/dir},priority=@var{priority},verify-peer=@var{on|off},passwordid=@var{id} Creates a TLS anonymous credentials object, which can be used to provide TLS support on network backends. The @option{id} parameter is a unique @@ -4282,6 +4282,15 @@ version by providing the @var{passwordid} parameter. This provides the ID of a previously created @code{secret} object containing the password for decryption. +The @var{priority} parameter allows to override the global default +priority used by gnutls. This can be useful if the system administrator +needs to use a weaker set of crypto priorities for QEMU without +potentially forcing the weakness onto all applications. Or conversely +if one wants wants a stronger default for QEMU than for all other +applications, they can do this through this parameter. Its format is +a gnutls priority string as described at +@url{https://gnutls.org/manual/html_node/Priority-Strings.html}. + @item -object filter-buffer,id=@var{id},netdev=@var{netdevid},interval=@var{t}[,queue=@var{all|rx|tx}][,status=@var{on|off}] Interval @var{t} can't be 0, this filter batches the packet delivery: all
This was added in 13f1243, but is missing from qemu-options.hx Signed-off-by: Christophe Fergeau <cfergeau@redhat.com> --- qemu-options.hx | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)