QEMU With E2K User Support
Daniel P. Berrange 9a2fd4347c crypto: add sanity checking of TLS x509 credentials
If the administrator incorrectly sets up their x509 certificates,
the errors seen at runtime during connection attempts are very
obscure and difficult to diagnose. This has been a particular
problem for people using openssl to generate their certificates
instead of the gnutls certtool, because the openssl tools don't
turn on the various x509 extensions that gnutls expects to be
present by default.

This change thus adds support in the TLS credentials object to
sanity check the certificates when QEMU first loads them. This
gives the administrator immediate feedback for the majority of
common configuration mistakes, reducing the pain involved in
setting up TLS. The code is derived from equivalent code that
has been part of libvirt's TLS support and has been seen to be
valuable in assisting admins.

It is possible to disable the sanity checking, however, via
the new 'sanity-check' property on the tls-creds object type,
with a value of 'no'.

Unit tests are included in this change to verify the correctness
of the sanity checking code in all the key scenarios it is
intended to cope with. As part of the test suite, the pkix_asn1_tab.c
from gnutls is imported. This file is intentionally copied from the
(long since obsolete) gnutls 1.6.3 source tree, since that version
was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2015-09-15 15:05:09 +01:00
audio ossaudio: fix memory leak 2015-07-08 13:11:01 +02:00
backends baum: Fix build with debugging enabled 2015-09-11 10:21:38 +03:00
block Block layer patches (v2) 2015-09-14 18:51:09 +01:00
bsd-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
crypto crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
default-configs virtio-vga: enable for i386 2015-09-11 12:18:37 +03:00
disas typofixes - v4 2015-09-11 10:45:43 +03:00
docs qapi: allow override of default enum prefix naming 2015-09-15 10:59:28 +01:00
dtc@65cc4d2748
fpu
fsdev maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
gdb-xml s390x/gdb: support reading/writing of control registers 2015-09-07 16:10:43 +02:00
hw * Support for jemalloc 2015-09-14 16:13:16 +01:00
include crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
libcacard typofixes - v4 2015-09-11 10:45:43 +03:00
libdecnumber typofixes - v4 2015-09-11 10:45:43 +03:00
linux-headers linux-headers: Update to 4.2-rc1 2015-07-06 17:59:01 +02:00
linux-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
migration maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
net trivial: remove trailing newline from error_report 2015-09-11 10:21:38 +03:00
pc-bios pc-bios/s390-ccw: rebuild image 2015-09-07 16:10:43 +02:00
pixman@87eea99e44
po Update language files for QEMU 2.4.0 2015-09-11 10:21:38 +03:00
qapi crypto: introduce new base module for TLS credentials 2015-09-15 14:47:37 +01:00
qga typofixes - v4 2015-09-11 10:45:43 +03:00
qobject Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qom qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
roms pseries: Update SLOF firmware image to qemu-slof-20150429 2015-07-07 17:44:49 +02:00
scripts qapi: allow override of default enum prefix naming 2015-09-15 10:59:28 +01:00
slirp qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
stubs main-loop: introduce qemu_mutex_iothread_locked 2015-07-01 15:45:50 +02:00
target-alpha tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-arm target-arm: Add VMPIDR_EL2 2015-09-14 14:39:51 +01:00
target-cris tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-lm32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-m68k tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-microblaze tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-mips tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-moxie tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-openrisc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-ppc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-s390x * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-sh4 sh4-next: 2015-09-14 10:46:38 +01:00
target-sparc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-tricore tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-unicore32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-xtensa tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
tcg * Support for jemalloc 2015-09-14 16:13:16 +01:00
tests crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
trace
ui maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
util * Support for jemalloc 2015-09-14 16:13:16 +01:00
.exrc
.gitignore qemu-ga: Add .msi files to .gitignore 2015-09-01 11:07:08 -05:00
.gitmodules
.mailmap
.travis.yml
accel.c
aio-posix.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
aio-win32.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
arch_init.c smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00
async.c AioContext: force event loop iteration using BH 2015-07-29 10:02:06 +01:00
balloon.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
block.c block: Allow specifying driver-specific options to reopen 2015-09-14 16:51:36 +02:00
blockdev-nbd.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
blockdev.c block: Drop drv parameter from bdrv_open() 2015-09-14 16:51:36 +02:00
blockjob.c blockjob: add block_job_release function 2015-07-07 14:27:14 +01:00
bootdevice.c
bt-host.c
bt-vhci.c
Changelog
CODING_STYLE CODING_STYLE: update mixed declaration rules 2015-09-09 15:34:54 +02:00
configure crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
COPYING
COPYING.LIB
coroutine-gthread.c
coroutine-sigaltstack.c
coroutine-ucontext.c
coroutine-win32.c
cpu-exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
cpus.c cpus: remove tcg_halt_cond and tcg_cpu_thread globals 2015-09-09 15:34:55 +02:00
cputlb.c tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
device_tree.c device_tree: Fix a typo 2015-07-27 22:44:47 +03:00
device-hotplug.c
disas.c disas: Defeature print_target_address 2015-08-14 23:40:32 +02:00
dma-helpers.c
dump.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
gdbstub.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
HACKING
hmp-commands.hx hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.h hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
iohandler.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
ioport.c
iothread.c rcu: actually register threads that have RCU read-side critical sections 2015-07-24 13:57:45 +02:00
kvm-all.c s390x/kvm: make setting of in-kernel irq routes more efficient 2015-09-07 16:10:43 +02:00
kvm-stub.c kvm: some fixes to kvm_resamplefds_allowed 2015-07-06 12:15:14 -06:00
LICENSE
main-loop.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
MAINTAINERS First batch of s390x patches for 2.5: 2015-09-03 14:33:03 +01:00
Makefile qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
Makefile.objs qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
Makefile.target qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
memory_mapping.c memory_mapping: Rework cpu related includes 2015-06-26 16:00:50 +02:00
memory.c Merge memory_region_init_reservation() into memory_region_init_io() 2015-08-13 11:26:21 +01:00
module-common.c
monitor.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
nbd.c
numa.c maint: remove double semicolons in many files 2015-09-11 10:21:38 +03:00
os-posix.c
os-win32.c maint: remove unused include for signal.h 2015-09-11 10:21:38 +03:00
page_cache.c maint: remove unused include for strings.h 2015-09-11 10:21:38 +03:00
qapi-schema.json crypto: introduce new base module for TLS credentials 2015-09-15 14:47:37 +01:00
qdev-monitor.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
qemu-coroutine-io.c
qemu-coroutine-lock.c
qemu-coroutine-sleep.c
qemu-coroutine.c
qemu-doc.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-ga.texi qga: start a man page 2015-09-01 13:16:26 -05:00
qemu-img-cmds.hx
qemu-img.c qemu-img: Fix crash in amend invocation 2015-09-04 20:59:48 +02:00
qemu-img.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-io-cmds.c qemu-io: Add command 'reopen' 2015-09-14 16:51:36 +02:00
qemu-io.c qemu-io: Remove duplicate 'open' error message 2015-09-14 16:51:36 +02:00
qemu-log.c
qemu-nbd.c Trivial: fix commandline help message 2015-09-11 10:21:38 +03:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx crypto: introduce new module for TLS x509 credentials 2015-09-15 15:05:06 +01:00
qemu-seccomp.c
qemu-tech.texi qemu-doc: fix typos 2015-07-24 13:57:45 +02:00
qemu-timer.c qemu-timer: initialize "timers_done_ev" to set 2015-07-22 12:41:32 +01:00
qemu.nsi
qemu.sasl
qjson.c
qmp-commands.hx s390x: Dump storage keys qmp command 2015-09-03 12:17:54 +02:00
qmp.c qmp: Add example usage of strto*l() qemu wrapper 2015-09-09 15:34:54 +02:00
qtest.c
README
rules.mak make: load only required dependency files. 2015-08-13 14:08:25 +03:00
softmmu_template.h softmmu: remove now unused functions 2015-09-11 08:16:05 -07:00
spice-qemu-char.c
tcg-runtime.c
tci.c tcg: implement real ext_i32_i64 and extu_i32_i64 ops 2015-08-24 11:10:54 -07:00
thread-pool.c
thunk.c
tpm.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
trace-events crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
translate-all.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
translate-all.h
user-exec.c osdep.h: Remove qemu_printf 2015-08-19 16:29:53 +01:00
VERSION Open 2.5 development tree 2015-08-11 23:15:55 +01:00
version.rc
vl.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
xen-common-stub.c
xen-common.c migration: Fix regression for xenfv and pc,accel=xen machine. 2015-08-03 16:13:40 +00:00
xen-hvm-stub.c pc: Remove redundant arguments from xen_hvm_init() 2015-09-10 11:05:40 +03:00
xen-hvm.c xen-2015-09-10 2015-09-10 18:25:52 +01:00
xen-mapcache.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team