Re: [libvirt] tls_allowed_ip_list?

[Chris Lalancette <clalance redhat com>]

Daniel Veillard wrote:
> On Tue, Mar 03, 2009 at 09:13:14AM +0100, Chris Lalancette wrote:
>> All,
>>      While doing testing on TLS, I came across the mention of
>> "tls_allowed_ip_list" in the website documentation, here:
>>
>> http://libvirt.org/remote.html#Remote_libvirtd_configuration
>>
>> However, I don't see any implementation of the tls_allowed_ip_list in libvirt
>> itself; a grep through the sources show that we are implementing
>> "tls_allowed_dn_list", but not "tls_allowed_ip_list".  Am I missing something in
>> the sources?  Should we update the libvirt.org documentation and remove that
>> (seemingly non-existent) parameter?  Or should I go in and implement the
>> "tls_allowed_ip_list"?
> 
>   Hum, I don't remember the history, I guess the simplest is to make a
> small change to the doc along the line "(not implemented yet)" and
> work on a patch. Unless we really think dn certificate checks are really
> superior and ip check is not needed (I have no opinion !)

Right, that was my thought too; perhaps DN checks are enough.  I guess we should
let DanB weigh in, since it's basically a documentation issue at the moment.

-- 
Chris Lalancette