Google Git
Sign in
qemu / qemu / a0cd6d297283bedffafce939dce38f3d06f3e2cd
commita0cd6d297283bedffafce939dce38f3d06f3e2cd[log] [tgz]
authorDaniel P. Berrangé <berrange@redhat.com>Fri Mar 04 19:36:01 2022 +0000
committerEric Blake <eblake@redhat.com>Mon Mar 07 15:58:42 2022 -0600
tree5dbf9afbef43551e5928944e86987f1cec4854b6
parent046f98d0753872b1e3189689da16c68e1f6c78c2 [diff]
block/nbd: support override of hostname for TLS certificate validation

When connecting to an NBD server with TLS and x509 credentials,
the client must validate the hostname it uses for the connection,
against that published in the server's certificate. If the client
is tunnelling its connection over some other channel, however, the
hostname it uses may not match the info reported in the server's
certificate. In such a case, the user needs to explicitly set an
override for the hostname to use for certificate validation.

This is achieved by adding a 'tls-hostname' property to the NBD
block driver.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-4-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2 files changed
tree: 5dbf9afbef43551e5928944e86987f1cec4854b6
  1. .github/
  2. .gitlab/
  3. .gitlab-ci.d/
  4. accel/
  5. audio/
  6. authz/
  7. backends/
  8. block/
  9. bsd-user/
  10. chardev/
  11. common-user/
  12. configs/
  13. contrib/
  14. crypto/
  15. disas/
  16. docs/
  17. dump/
  18. ebpf/
  19. fpu/
  20. fsdev/
  21. gdb-xml/
  22. hw/
  23. include/
  24. io/
  25. libdecnumber/
  26. linux-headers/
  27. linux-user/
  28. migration/
  29. monitor/
  30. nbd/
  31. net/
  32. pc-bios/
  33. plugins/
  34. po/
  35. python/
  36. qapi/
  37. qga/
  38. qobject/
  39. qom/
  40. replay/
  41. roms/
  42. scripts/
  43. scsi/
  44. semihosting/
  45. softmmu/
  46. storage-daemon/
  47. stubs/
  48. subprojects/
  49. target/
  50. tcg/
  51. tests/
  52. tools/
  53. trace/
  54. ui/
  55. util/
  56. capstone
  57. dtc
  58. meson
  59. slirp
  60. .cirrus.yml
  61. .dir-locals.el
  62. .editorconfig
  63. .exrc
  64. .gdbinit
  65. .gitattributes
  66. .gitignore
  67. .gitlab-ci.yml
  68. .gitmodules
  69. .gitpublish
  70. .mailmap
  71. .patchew.yml
  72. .readthedocs.yml
  73. .travis.yml
  74. block.c
  75. blockdev-nbd.c
  76. blockdev.c
  77. blockjob.c
  78. configure
  79. COPYING
  80. COPYING.LIB
  81. cpu.c
  82. cpus-common.c
  83. disas.c
  84. gdbstub.c
  85. gitdm.config
  86. hmp-commands-info.hx
  87. hmp-commands.hx
  88. iothread.c
  89. job-qmp.c
  90. job.c
  91. Kconfig
  92. Kconfig.host
  93. LICENSE
  94. MAINTAINERS
  95. Makefile
  96. memory_ldst.c.inc
  97. meson.build
  98. meson_options.txt
  99. module-common.c
  100. os-posix.c
  101. os-win32.c
  102. page-vary-common.c
  103. page-vary.c
  104. qemu-bridge-helper.c
  105. qemu-edid.c
  106. qemu-img-cmds.hx
  107. qemu-img.c
  108. qemu-io-cmds.c
  109. qemu-io.c
  110. qemu-keymap.c
  111. qemu-nbd.c
  112. qemu-options.hx
  113. qemu.nsi
  114. qemu.sasl
  115. README.rst
  116. replication.c
  117. trace-events
  118. VERSION
  119. version.rc