Wouter,

>> I'm happy to have a detailed look at this later (and indeed
>> do some interoperability testing - I'll see if I can dig out
>> the qemu-img command line I used to test gonbdserver),
>
> Would be cool, yes. Once you did so, would be nice if you could also
> post the details here, so I can replicate what you do more easily ;-)

I think I got the details from here:

https://www.berrange.com/posts/2016/04/05/improving-qemu-security-part-5-tls-support-for-nbd-server-client/

With the cert generation instructions from here:

http://qemu.weilnetz.de/qemu-doc.html

section 3.12.8 though I see Eric has already answered.

>> Fourthly, if you aren't checking client certificates, why is a CA
>> file mandatory?
>
> Different CA. This is for the CA that contains the server certificate,
> not the CA used for validating client certificates. Last I checked you
> want to pass that to the server too (but it was late and I might have
> been an idiot).

If you are acting as a server and not checking client certificates,
it should not be mandatory to provide a CA certificate. In general
this would only be needed to provide a certificate chain of
intermediate certificates (and these normally go in through a
different parameter or with the public key as you need to supply
more than one).

-- 
Alex Bligh
