[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Libvirt 0.8.7 installer ready for testing



On Mon, Jan 10, 2011 at 03:51:42PM +0100, Matthias Bolte wrote:
> 2011/1/8 Justin Clift <jclift redhat com>:
> > Hi guys,
> >
> > Created the windows libvirt 0.8.7 installer using Matthias's updated scripting:
> >
> >  http://libvirt.org/sources/win32_experimental/Libvirt-0.8.7-0.exe
> >
> > Does someone have time to test and confirm it's ok, before we point to it from
> > the website?
> >
> > Arnaud, this version of the installer adds the virsh bin directory to the system PATH
> > variable.  So I'm thinking don't need to copy the libvirt dll's around, when using
> > your C# bindings.
> >
> > If you've have time to test that, it would be great.  Could then update the web page
> > with that info. :)
> >
> > Regards and best wishes,
> >
> > Justin Clift
> 
> The readme suggests (at least to me) that the TLS certs for libvirt's
> TLS transport and the ESX driver using HTTPS are the same:
> 
> "TLS certificates are needed prior to connecting to either
> QEMU instances with TLS, or connecting to VMware
> ESX/vSphere."
> 
> Yes, the ESX driver (actually libcurl) needs to know the cacert.pem
> for the key that signed the HTTPS certificate in order to verify the
> server's certificate. That's what you can disable using the
> no_verify=1 query parameter. But HTTPS doesn't do mutual verification
> as libvirt's TLS transport does. There is no clientcert/key.pem
> involved in HTTPS.

Actually HTTPS as a generic protcool *can* do mutual authentication
requiring a client certificate - the Fedora build system uses this
capability. Whether libcurl implements support for this, and whether
VMWare ESX server requests it, are the actual questions to ask :-)

Daniel


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]