aboutsummaryrefslogtreecommitdiff
path: root/qemu-options.hx
diff options
context:
space:
mode:
authorDaniel P. Berrangé <berrange@redhat.com>2018-07-25 10:27:51 +0100
committerGerd Hoffmann <kraxel@redhat.com>2018-08-24 08:40:11 +0200
commitec86faa934cb31d97f738134547137f16d17c0d0 (patch)
treef2486a1b06d22d84a68f5aec06f568252baaf7c2 /qemu-options.hx
parent756b9da71958ea0c8b465e8c7f124c1365010922 (diff)
downloadqemu-ec86faa934cb31d97f738134547137f16d17c0d0.zip
qemu-ec86faa934cb31d97f738134547137f16d17c0d0.tar.gz
qemu-ec86faa934cb31d97f738134547137f16d17c0d0.tar.bz2
vnc: remove support for deprecated tls, x509, x509verify options
The 'tls-creds' option accepts the name of a TLS credentials object. This replaced the usage of 'tls', 'x509' and 'x509verify' options in 2.5.0. These deprecated options were grandfathered in when the deprecation policy was introduded in 2.10.0, so can now finally be removed. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-id: 20180725092751.21767-3-berrange@redhat.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'qemu-options.hx')
-rw-r--r--qemu-options.hx43
1 files changed, 0 insertions, 43 deletions
diff --git a/qemu-options.hx b/qemu-options.hx
index 5515dfa..2417154 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -1632,49 +1632,6 @@ will cause the VNC server socket to enable the VeNCrypt auth
mechanism. The credentials should have been previously created
using the @option{-object tls-creds} argument.
-The @option{tls-creds} parameter obsoletes the @option{tls},
-@option{x509}, and @option{x509verify} options, and as such
-it is not permitted to set both new and old type options at
-the same time.
-
-@item tls
-
-Require that client use TLS when communicating with the VNC server. This
-uses anonymous TLS credentials so is susceptible to a man-in-the-middle
-attack. It is recommended that this option be combined with either the
-@option{x509} or @option{x509verify} options.
-
-This option is now deprecated in favor of using the @option{tls-creds}
-argument.
-
-@item x509=@var{/path/to/certificate/dir}
-
-Valid if @option{tls} is specified. Require that x509 credentials are used
-for negotiating the TLS session. The server will send its x509 certificate
-to the client. It is recommended that a password be set on the VNC server
-to provide authentication of the client when this is used. The path following
-this option specifies where the x509 certificates are to be loaded from.
-See the @ref{vnc_security} section for details on generating certificates.
-
-This option is now deprecated in favour of using the @option{tls-creds}
-argument.
-
-@item x509verify=@var{/path/to/certificate/dir}
-
-Valid if @option{tls} is specified. Require that x509 credentials are used
-for negotiating the TLS session. The server will send its x509 certificate
-to the client, and request that the client send its own x509 certificate.
-The server will validate the client's certificate against the CA certificate,
-and reject clients when validation fails. If the certificate authority is
-trusted, this is a sufficient authentication mechanism. You may still wish
-to set a password on the VNC server as a second authentication layer. The
-path following this option specifies where the x509 certificates are to
-be loaded from. See the @ref{vnc_security} section for details on generating
-certificates.
-
-This option is now deprecated in favour of using the @option{tls-creds}
-argument.
-
@item sasl
Require that the client use SASL to authenticate with the VNC server.