falso
/
qemu-irix
mirror of https://github.com/n64decomp/qemu-irix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
adding Irix (and, to a lesser extent, Solaris) userland emulation to QEMU
40,917 Commits 28 Branches 227 Tags 202 MiB
C 91.8%
Dylan 2.4%
Python 1.9%
Shell 1.3%
C++ 1%
Other 1.5%
Go to file
Daniel P. Berrange 9a2fd4347c crypto: add sanity checking of TLS x509 credentials 
If the administrator incorrectly sets up their x509 certificates,
the errors seen at runtime during connection attempts are very
obscure and difficult to diagnose. This has been a particular
problem for people using openssl to generate their certificates
instead of the gnutls certtool, because the openssl tools don't
turn on the various x509 extensions that gnutls expects to be
present by default.

This change thus adds support in the TLS credentials object to
sanity check the certificates when QEMU first loads them. This
gives the administrator immediate feedback for the majority of
common configuration mistakes, reducing the pain involved in
setting up TLS. The code is derived from equivalent code that
has been part of libvirt's TLS support and has been seen to be
valuable in assisting admins.

It is possible to disable the sanity checking, however, via
the new 'sanity-check' property on the tls-creds object type,
with a value of 'no'.

Unit tests are included in this change to verify the correctness
of the sanity checking code in all the key scenarios it is
intended to cope with. As part of the test suite, the pkix_asn1_tab.c
from gnutls is imported. This file is intentionally copied from the
(long since obsolete) gnutls 1.6.3 source tree, since that version
was still under GPLv2+, rather than the GPLv3+ of gnutls >= 2.0.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 		2015-09-15 15:05:09 +01:00
audio ossaudio: fix memory leak 2015-07-08 13:11:01 +02:00
backends baum: Fix build with debugging enabled 2015-09-11 10:21:38 +03:00
block Block layer patches (v2) 2015-09-14 18:51:09 +01:00
bsd-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
crypto crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
default-configs virtio-vga: enable for i386 2015-09-11 12:18:37 +03:00
disas typofixes - v4 2015-09-11 10:45:43 +03:00
docs qapi: allow override of default enum prefix naming 2015-09-15 10:59:28 +01:00
dtc@65cc4d2748 dtc: Update dtc / libfdt submodule to version 1.4.0 2015-06-03 23:56:49 +02:00
fpu target-s390x: define default NaN values 2015-06-05 01:37:58 +02:00
fsdev maint: remove unused include for dirent.h 2015-09-11 10:21:38 +03:00
gdb-xml s390x/gdb: support reading/writing of control registers 2015-09-07 16:10:43 +02:00
hw * Support for jemalloc 2015-09-14 16:13:16 +01:00
include crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
libcacard typofixes - v4 2015-09-11 10:45:43 +03:00
libdecnumber typofixes - v4 2015-09-11 10:45:43 +03:00
linux-headers linux-headers: Update to 4.2-rc1 2015-07-06 17:59:01 +02:00
linux-user * Support for jemalloc 2015-09-14 16:13:16 +01:00
migration maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
net trivial: remove trailing newline from error_report 2015-09-11 10:21:38 +03:00
pc-bios pc-bios/s390-ccw: rebuild image 2015-09-07 16:10:43 +02:00
pixman@87eea99e44
po Update language files for QEMU 2.4.0 2015-09-11 10:21:38 +03:00
qapi crypto: introduce new base module for TLS credentials 2015-09-15 14:47:37 +01:00
qga typofixes - v4 2015-09-11 10:45:43 +03:00
qobject Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qom qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
roms pseries: Update SLOF firmware image to qemu-slof-20150429 2015-07-07 17:44:49 +02:00
scripts qapi: allow override of default enum prefix naming 2015-09-15 10:59:28 +01:00
slirp qerror: Move #include out of qerror.h 2015-06-22 18:20:40 +02:00
stubs main-loop: introduce qemu_mutex_iothread_locked 2015-07-01 15:45:50 +02:00
target-alpha tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-arm target-arm: Add VMPIDR_EL2 2015-09-14 14:39:51 +01:00
target-cris tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-i386 * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-lm32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-m68k tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-microblaze tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-mips tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-moxie tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-openrisc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-ppc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-s390x * Support for jemalloc 2015-09-14 16:13:16 +01:00
target-sh4 sh4-next: 2015-09-14 10:46:38 +01:00
target-sparc tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-tricore tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-unicore32 tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
target-xtensa tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
tcg * Support for jemalloc 2015-09-14 16:13:16 +01:00
tests crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
trace Remove superfluous '\n' around error_report() 2015-03-10 08:15:33 +03:00
ui maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
util * Support for jemalloc 2015-09-14 16:13:16 +01:00
.exrc
.gitignore qemu-ga: Add .msi files to .gitignore 2015-09-01 11:07:08 -05:00
.gitmodules
.mailmap
.travis.yml .travis.yml: Add "--enable-modules" 2015-01-26 12:27:05 +01:00
CODING_STYLE CODING_STYLE: update mixed declaration rules 2015-09-09 15:34:54 +02:00
COPYING
COPYING.LIB
Changelog
HACKING
LICENSE vfio: move hw/misc/vfio.c to hw/vfio/pci.c Move vfio.h into include/hw/vfio 2014-12-19 15:24:06 -07:00
MAINTAINERS First batch of s390x patches for 2.5: 2015-09-03 14:33:03 +01:00
Makefile qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
Makefile.objs qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
Makefile.target qom: allow QOM to be linked into tools binaries 2015-09-15 14:35:39 +01:00
README
VERSION Open 2.5 development tree 2015-08-11 23:15:55 +01:00
accel.c accel: Create accel object when initializing machine 2014-10-09 15:36:14 +02:00
aio-posix.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
aio-win32.c AioContext: optimize clearing the EventNotifier 2015-07-22 12:41:40 +01:00
arch_init.c smbios: move smbios code into a common folder 2015-08-13 14:08:30 +03:00
async.c AioContext: force event loop iteration using BH 2015-07-29 10:02:06 +01:00
balloon.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
block.c block: Allow specifying driver-specific options to reopen 2015-09-14 16:51:36 +02:00
blockdev-nbd.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
blockdev.c block: Drop drv parameter from bdrv_open() 2015-09-14 16:51:36 +02:00
blockjob.c blockjob: add block_job_release function 2015-07-07 14:27:14 +01:00
bootdevice.c misc: fix typos in copyright declaration 2015-03-26 14:21:43 +01:00
bt-host.c
bt-vhci.c
configure crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
coroutine-gthread.c
coroutine-sigaltstack.c coroutine-sigaltstack: Change jmp_buf to sigjmp_buf 2014-11-11 11:07:55 +03:00
coroutine-ucontext.c coroutine-ucontext: use __thread 2015-01-13 13:43:28 +00:00
coroutine-win32.c
cpu-exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
cpus.c cpus: remove tcg_halt_cond and tcg_cpu_thread globals 2015-09-09 15:34:55 +02:00
cputlb.c tlb: Add "ifetch" argument to cpu_mmu_index() 2015-09-11 08:15:28 -07:00
device-hotplug.c pci-hotplug-old: Has been dead for five major releases, bury 2015-03-01 12:37:54 +01:00
device_tree.c device_tree: Fix a typo 2015-07-27 22:44:47 +03:00
disas.c disas: Defeature print_target_address 2015-08-14 23:40:32 +02:00
dma-helpers.c range: remove useless inclusions 2015-04-30 16:05:48 +03:00
dump.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
exec.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
gdbstub.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
hmp-commands.hx hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
hmp.h hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
iohandler.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
ioport.c - miscellaneous cleanups for TCG (Emilio) and NBD (Bogdan) 2015-04-30 12:04:11 +01:00
iothread.c rcu: actually register threads that have RCU read-side critical sections 2015-07-24 13:57:45 +02:00
kvm-all.c s390x/kvm: make setting of in-kernel irq routes more efficient 2015-09-07 16:10:43 +02:00
kvm-stub.c kvm: some fixes to kvm_resamplefds_allowed 2015-07-06 12:15:14 -06:00
main-loop.c iohandler: Use aio API 2015-09-07 18:14:03 +02:00
memory.c Merge memory_region_init_reservation() into memory_region_init_io() 2015-08-13 11:26:21 +01:00
memory_mapping.c memory_mapping: Rework cpu related includes 2015-06-26 16:00:50 +02:00
module-common.c
monitor.c hmp: add info iothreads command 2015-09-04 13:26:26 +02:00
nbd.c qemu-nbd: only send a limited number of errno codes on the wire 2015-05-08 14:45:11 +02:00
numa.c maint: remove double semicolons in many files 2015-09-11 10:21:38 +03:00
os-posix.c rcu: do not create thread in pthread_atfork callback 2015-04-01 10:06:38 +02:00
os-win32.c maint: remove unused include for signal.h 2015-09-11 10:21:38 +03:00
page_cache.c maint: remove unused include for strings.h 2015-09-11 10:21:38 +03:00
qapi-schema.json crypto: introduce new base module for TLS credentials 2015-09-15 14:47:37 +01:00
qdev-monitor.c Include qapi/qmp/qerror.h exactly where needed 2015-06-22 18:20:41 +02:00
qdict-test-data.txt
qemu-bridge-helper.c
qemu-char.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00
qemu-coroutine-io.c coroutine-io: Return -errno in case of error 2015-03-18 12:07:21 +01:00
qemu-coroutine-lock.c coroutine: remove unnecessary parentheses in qemu_co_queue_empty 2015-04-30 16:05:49 +03:00
qemu-coroutine-sleep.c
qemu-coroutine.c coroutine: Clean up qemu_coroutine_enter() 2015-03-09 11:11:59 +01:00
qemu-doc.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-ga.texi qga: start a man page 2015-09-01 13:16:26 -05:00
qemu-img-cmds.hx qemu-img: Add progress output for amend 2014-11-03 11:41:48 +00:00
qemu-img.c qemu-img: Fix crash in amend invocation 2015-09-04 20:59:48 +02:00
qemu-img.texi maint: remove / fix many doubled words 2015-09-11 10:21:38 +03:00
qemu-io-cmds.c qemu-io: Add command 'reopen' 2015-09-14 16:51:36 +02:00
qemu-io.c qemu-io: Remove duplicate 'open' error message 2015-09-14 16:51:36 +02:00
qemu-log.c qemu-log: Correct help text of 'log cpu_reset' 2015-02-10 09:27:20 +03:00
qemu-nbd.c Trivial: fix commandline help message 2015-09-11 10:21:38 +03:00
qemu-nbd.texi
qemu-options-wrapper.h
qemu-options.h
qemu-options.hx crypto: introduce new module for TLS x509 credentials 2015-09-15 15:05:06 +01:00
qemu-seccomp.c seccomp: add mlockall to whitelist 2015-01-23 14:07:08 +01:00
qemu-tech.texi qemu-doc: fix typos 2015-07-24 13:57:45 +02:00
qemu-timer.c qemu-timer: initialize "timers_done_ev" to set 2015-07-22 12:41:32 +01:00
qemu.nsi
qemu.sasl
qjson.c QJSON: Use OBJECT_CHECK 2015-05-11 08:59:07 -04:00
qmp-commands.hx s390x: Dump storage keys qmp command 2015-09-03 12:17:54 +02:00
qmp.c qmp: Add example usage of strto*l() qemu wrapper 2015-09-09 15:34:54 +02:00
qtest.c qtest: pre-buffer hex nibs 2015-05-22 15:58:22 -04:00
rules.mak make: load only required dependency files. 2015-08-13 14:08:25 +03:00
softmmu_template.h softmmu: remove now unused functions 2015-09-11 08:16:05 -07:00
spice-qemu-char.c spice: fix spice_chr_add_watch() pre-condition 2015-05-29 09:56:01 +02:00
tcg-runtime.c
tci.c tcg: implement real ext_i32_i64 and extu_i32_i64 ops 2015-08-24 11:10:54 -07:00
thread-pool.c thread-pool: clean up thread_pool_completion_bh() 2015-04-28 15:36:09 +02:00
thunk.c linux-user: Allocate thunk size dynamically 2015-06-15 11:36:58 +03:00
tpm.c Include monitor/monitor.h exactly where needed 2015-06-22 18:20:41 +02:00
trace-events crypto: add sanity checking of TLS x509 credentials 2015-09-15 15:05:09 +01:00
translate-all.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
translate-all.h translate-all: remove unnecessary argument to tb_invalidate_phys_range 2015-06-05 17:09:59 +02:00
user-exec.c osdep.h: Remove qemu_printf 2015-08-19 16:29:53 +01:00
version.rc
vl.c * Support for jemalloc 2015-09-14 16:13:16 +01:00
xen-common-stub.c accel: Move Xen registration code to xen-common.c 2014-10-04 08:59:15 +02:00
xen-common.c migration: Fix regression for xenfv and pc,accel=xen machine. 2015-08-03 16:13:40 +00:00
xen-hvm-stub.c pc: Remove redundant arguments from xen_hvm_init() 2015-09-10 11:05:40 +03:00
xen-hvm.c xen-2015-09-10 2015-09-10 18:25:52 +01:00
xen-mapcache.c maint: avoid useless "if (foo) free(foo)" pattern 2015-09-11 10:21:38 +03:00

README 

Read the documentation in qemu-doc.html or on http://wiki.qemu-project.org

- QEMU team