On Wed, Sep 18, 2019 at 07:41:50AM -0500, Eric Blake wrote: > On 9/17/19 5:35 PM, Richard W.M. Jones wrote: > > Test both the TLS enabled and fallback paths. > > > > nbd-server doesn't appear to support TLS at all, and qemu-nbd is known > > not to allow fallback to unencrypted, and therefore it only makes > > sense to test nbdkit at the moment. > > --- > > .gitignore | 4 ++++ > > > +interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c > > +interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \ > > + -I$(top_srcdir)/include \ > > + -DSERVER=\"$(NBDKIT)\" \ > > + -DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", > > "-s", "--exit-with-parent", "file", tmpfile' \ > > Is it worth testing nbdkit's --tls=yes (the counterpart to libnbd > TLS_ALLOW), to show that a server that permits but does not require > encryption can accept a plaintext client?
Definitely a test we need, in nbdkit :-) Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW _______________________________________________ Libguestfs mailing list [email protected] https://www.redhat.com/mailman/listinfo/libguestfs
