"e8ae8b1a" (history) in projects: qemu - OpenGrok search results

Project(s)

Full Search
Definition
Symbol
File Path
History
Type

Searched hist:e8ae8b1a (Results 1 – 3 of 3) sorted by relevance

/qemu/
H A D	blockdev-nbd.c	e8ae8b1a Fri Mar 04 19:36:03 GMT 2022 Daniel P. Berrangé <berrange@redhat.com> block/nbd: don't restrict TLS usage to IP sockets The TLS usage for NBD was restricted to IP sockets because validating x509 certificates requires knowledge of the hostname that the client is connecting to. TLS does not have to use x509 certificates though, as PSK (pre-shared keys) provide an alternative credential option. These have no requirement for a hostname and can thus be trivially used for UNIX sockets. Furthermore, with the ability to overide the default hostname for TLS validation in the previous patch, it is now also valid to want to use x509 certificates with FD passing and UNIX sockets. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-6-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
H A D	qemu-nbd.c	e8ae8b1a Fri Mar 04 19:36:03 GMT 2022 Daniel P. Berrangé <berrange@redhat.com> block/nbd: don't restrict TLS usage to IP sockets The TLS usage for NBD was restricted to IP sockets because validating x509 certificates requires knowledge of the hostname that the client is connecting to. TLS does not have to use x509 certificates though, as PSK (pre-shared keys) provide an alternative credential option. These have no requirement for a hostname and can thus be trivially used for UNIX sockets. Furthermore, with the ability to overide the default hostname for TLS validation in the previous patch, it is now also valid to want to use x509 certificates with FD passing and UNIX sockets. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-6-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
/qemu/block/
H A D	nbd.c	e8ae8b1a Fri Mar 04 19:36:03 GMT 2022 Daniel P. Berrangé <berrange@redhat.com> block/nbd: don't restrict TLS usage to IP sockets The TLS usage for NBD was restricted to IP sockets because validating x509 certificates requires knowledge of the hostname that the client is connecting to. TLS does not have to use x509 certificates though, as PSK (pre-shared keys) provide an alternative credential option. These have no requirement for a hostname and can thus be trivially used for UNIX sockets. Furthermore, with the ability to overide the default hostname for TLS validation in the previous patch, it is now also valid to want to use x509 certificates with FD passing and UNIX sockets. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-6-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>