>> I'm happy to have a detailed look at this later (and indeed
>> do some interoperability testing - I'll see if I can dig out
>> the qemu-img command line I used to test gonbdserver),
> Would be cool, yes. Once you did so, would be nice if you could also
> post the details here, so I can replicate what you do more easily ;-)

I think I got the details from here:


With the cert generation instructions from here:


section 3.12.8

though I see Eric has already answered.

>>   Fourthly, if you aren't checking client certificates, why is a CA
>>   file mandatory?
> Different CA. This is for the CA that contains the server certificate,
> not the CA used for validating client certificates. Last I checked you
> want to pass that to the server too (but it was late and I might have
> been an idiot).

If you are acting as a server and not checking client certificates, it
should not be mandatory to provide a CA certificate. In general this
would only be needed to provide a certificate chain of intermediate
certificates (and these normally go in through a different parameter
or with the public key as you need to supply more than one).

Alex Bligh

Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Nbd-general mailing list

Reply via email to