2017-08-03 19:28:59 +02:00
|
|
|
Disable TLS by default
|
|
|
|
|
|
|
|
On SUSE distros, the default is for libvirtd to listen only on the
|
|
|
|
Unix Domain Socket. The libvirt client still provides remote access
|
|
|
|
via a SSH tunnel.
|
2020-07-06 18:35:15 +02:00
|
|
|
Index: libvirt-6.5.0/src/remote/remote_daemon_config.c
|
2008-09-01 17:06:07 +02:00
|
|
|
===================================================================
|
2020-07-06 18:35:15 +02:00
|
|
|
--- libvirt-6.5.0.orig/src/remote/remote_daemon_config.c
|
|
|
|
+++ libvirt-6.5.0/src/remote/remote_daemon_config.c
|
2020-01-16 02:52:12 +01:00
|
|
|
@@ -99,7 +99,7 @@ daemonConfigNew(bool privileged G_GNUC_U
|
2019-09-05 18:31:28 +02:00
|
|
|
|
|
|
|
#ifdef WITH_IP
|
|
|
|
# ifdef LIBVIRTD
|
2020-06-02 22:29:59 +02:00
|
|
|
- data->listen_tls = true; /* Only honoured if --listen is set */
|
|
|
|
+ data->listen_tls = false; /* Only honoured if --listen is set */
|
2019-09-05 18:31:28 +02:00
|
|
|
# else /* ! LIBVIRTD */
|
2020-06-02 22:29:59 +02:00
|
|
|
data->listen_tls = false; /* Always honoured, --listen doesn't exist. */
|
2019-09-05 18:31:28 +02:00
|
|
|
# endif /* ! LIBVIRTD */
|
2020-07-06 18:35:15 +02:00
|
|
|
Index: libvirt-6.5.0/src/remote/libvirtd.conf.in
|
2019-09-05 18:31:28 +02:00
|
|
|
===================================================================
|
2020-07-06 18:35:15 +02:00
|
|
|
--- libvirt-6.5.0.orig/src/remote/libvirtd.conf.in
|
|
|
|
+++ libvirt-6.5.0/src/remote/libvirtd.conf.in
|
2019-09-05 18:31:28 +02:00
|
|
|
@@ -17,8 +17,8 @@
|
2008-09-01 17:06:07 +02:00
|
|
|
# It is necessary to setup a CA and issue server certificates before
|
|
|
|
# using this capability.
|
|
|
|
#
|
|
|
|
-# This is enabled by default, uncomment this to disable it
|
|
|
|
-#listen_tls = 0
|
|
|
|
+# This is disabled by default, uncomment this to enable it
|
|
|
|
+#listen_tls = 1
|
|
|
|
|
|
|
|
# Listen for unencrypted TCP connections on the public TCP/IP port.
|
2019-09-05 18:31:28 +02:00
|
|
|
# NB, must pass the --listen flag to the @DAEMON_NAME@ process for this to
|