On 8/10/19 8:02 AM, Richard W.M. Jones wrote: > This is the same, but now we have a symbol for it. > --- > docs/libnbd.pod | 6 ++++-- > interop/interop.c | 2 +- > lib/connect.c | 2 +- > tests/aio-parallel-load.c | 2 +- > tests/aio-parallel.c | 2 +- > tests/connect-tls.c | 2 +- > tests/synch-parallel.c | 2 +- > 7 files changed, 10 insertions(+), 8 deletions(-) >
ACK; could also be squashed with the previous one. > diff --git a/docs/libnbd.pod b/docs/libnbd.pod > index b42d000..01964de 100644 > --- a/docs/libnbd.pod > +++ b/docs/libnbd.pod > @@ -522,8 +522,10 @@ and servers. Libnbd defaults to TLS I<disabled> for > maximum > interoperability. To enable it on a handle you must call > C<nbd_set_tls> before connecting: > > - nbd_set_tls (nbd, 1); // to allow TLS, but fall back to unencrypted > - nbd_set_tls (nbd, 2); // to require TLS, and fail otherwise > + // to allow TLS, but fall back to unencrypted > + nbd_set_tls (nbd, LIBNBD_TLS_ALLOW); Again, probably worth calling attention to the fact that this one is a potential security risk for MitM and should be avoided if that is a concern. Maybe as simple as adding: // warning: avoid this mode if man-in-the-middle attacks are a concern > + // to require TLS, and fail otherwise > + nbd_set_tls (nbd, LIBNBD_TLS_REQUIRE); > -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Libguestfs mailing list [email protected] https://www.redhat.com/mailman/listinfo/libguestfs
