aboutsummaryrefslogtreecommitdiff
path: root/include/crypto
diff options
context:
space:
mode:
authorDaniel P. Berrange <berrange@redhat.com>2015-10-15 16:14:42 +0100
committerDaniel P. Berrange <berrange@redhat.com>2015-12-18 16:25:08 +0000
commit1d7b5b4afdcd76e24ec3678d5418b29d4ff06ad9 (patch)
tree403fca6a61c6ea4bac307c08434b0f0df1ea4b27 /include/crypto
parentac1d88784907c9603b3849b2c3043259f75ed2a5 (diff)
crypto: add support for loading encrypted x509 keys
Make use of the QCryptoSecret object to support loading of encrypted x509 keys. The optional 'passwordid' parameter to the tls-creds-x509 object type, provides the ID of a secret object instance that holds the decryption password for the PEM file. # printf "123456" > mypasswd.txt # $QEMU \ -object secret,id=sec0,filename=mypasswd.txt \ -object tls-creds-x509,passwordid=sec0,id=creds0,\ dir=/home/berrange/.pki/qemu,endpoint=server \ -vnc :1,tls-creds=creds0 This requires QEMU to be linked to GNUTLS >= 3.1.11. If GNUTLS is too old an error will be reported if an attempt is made to pass a decryption password. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'include/crypto')
-rw-r--r--include/crypto/tlscredsx509.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/crypto/tlscredsx509.h b/include/crypto/tlscredsx509.h
index b9785fddcf..25796d7de4 100644
--- a/include/crypto/tlscredsx509.h
+++ b/include/crypto/tlscredsx509.h
@@ -101,6 +101,7 @@ struct QCryptoTLSCredsX509 {
gnutls_certificate_credentials_t data;
#endif
bool sanityCheck;
+ char *passwordid;
};