[libvirt] tls_allowed_ip_list?

Daniel P. Berrange berrange at redhat.com
Tue Mar 3 08:50:54 UTC 2009


On Tue, Mar 03, 2009 at 09:13:14AM +0100, Chris Lalancette wrote:
> All,
>      While doing testing on TLS, I came across the mention of
> "tls_allowed_ip_list" in the website documentation, here:
> 
> http://libvirt.org/remote.html#Remote_libvirtd_configuration
> 
> However, I don't see any implementation of the tls_allowed_ip_list in libvirt
> itself; a grep through the sources shows that we are implementing
> "tls_allowed_dn_list", but not "tls_allowed_ip_list".  Am I missing something in
> the sources?  Should we update the libvirt.org documentation and remove that
> (seemingly non-existent) parameter?  Or should I go in and implement the
> "tls_allowed_ip_list"?

That functionality was removed because it is utterly worthless as an
access control feature, and if you want to block rogue IP (ranges) you
can do it in iptables far more efficiently & flexibly anyway. The
docs just need to be removed.

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|



