diff --git a/docs/system/vnc-security.rst b/docs/system/vnc-security.rst index 558e4faffc..ebca656d87 100644 --- a/docs/system/vnc-security.rst +++ b/docs/system/vnc-security.rst @@ -65,7 +65,7 @@ encrypted session. .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=no \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=off \ -vnc :1,tls-creds=tls0 -monitor stdio In the above example ``/etc/pki/qemu`` should contain at least three @@ -84,12 +84,12 @@ connecting. The server will request that the client provide a certificate, which it will then validate against the CA certificate. This is a good choice if deploying in an environment with a private internal certificate authority. It uses the same syntax as previously, -but with ``verify-peer`` set to ``yes`` instead. +but with ``verify-peer`` set to ``on`` instead. .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \ -vnc :1,tls-creds=tls0 -monitor stdio .. _vnc_005fsec_005fcertificate_005fpw: @@ -103,7 +103,7 @@ authentication to provide two layers of authentication for clients. .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \ -vnc :1,tls-creds=tls0,password -monitor stdio (qemu) change vnc password Password: ******** @@ -145,7 +145,7 @@ x509 options: .. parsed-literal:: |qemu_system| [...OPTIONS...] \ - -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=yes \ + -object tls-creds-x509,id=tls0,dir=/etc/pki/qemu,endpoint=server,verify-peer=on \ -vnc :1,tls-creds=tls0,sasl -monitor stdio .. _vnc_005fsetup_005fsasl: diff --git a/include/authz/listfile.h b/include/authz/listfile.h index 0a1e5bddd3..0b7fe72198 100644 --- a/include/authz/listfile.h +++ b/include/authz/listfile.h @@ -73,7 +73,7 @@ OBJECT_DECLARE_SIMPLE_TYPE(QAuthZListFile, * The object can be created on the command line using * * -object authz-list-file,id=authz0,\ - * filename=/etc/qemu/myvm-vnc.acl,refresh=yes + * filename=/etc/qemu/myvm-vnc.acl,refresh=on * */ struct QAuthZListFile { diff --git a/qemu-options.hx b/qemu-options.hx index 9172d51659..d0410f0512 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -5027,7 +5027,7 @@ SRST Note the use of quotes due to the x509 distinguished name containing whitespace, and escaping of ','. - ``-object authz-listfile,id=id,filename=path,refresh=yes|no`` + ``-object authz-listfile,id=id,filename=path,refresh=on|off`` Create an authorization object that will control access to network services. @@ -5072,7 +5072,7 @@ SRST # |qemu_system| \\ ... \\ - -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=yes \\ + -object authz-simple,id=auth0,filename=/etc/qemu/vnc-sasl.acl,refresh=on \\ ... ``-object authz-pam,id=id,service=string`` diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233 index 7ce5764903..da150cd27b 100755 --- a/tests/qemu-iotests/233 +++ b/tests/qemu-iotests/233 @@ -84,7 +84,7 @@ echo echo "== check plain client to TLS server fails ==" nbd_server_start_tcp_socket \ - --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ + --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \ --tls-creds tls0 \ -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" @@ -129,7 +129,7 @@ echo "== check TLS with authorization ==" nbd_server_stop nbd_server_start_tcp_socket \ - --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes \ + --object tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=on \ --object "authz-simple,id=authz0,identity=CN=localhost,, \ O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \ --tls-authz authz0 \