On 11/16/18 9:53 AM, Daniel P. Berrangé wrote:
This does two minor fixes to the NBD code and adds significant coverage
of the NBD TLS support to detect future problems.
The first two patches should be for 3.1.
The tests can wait till 4.0 if desired.
Although this series is now in 3.1, I can think of further enhancements
we should add for 4.0 (summarizing an IRC conversation with Dan).
Capturing it here to remember things...
- we need iotests coverage of Pre-Shared Keys (PSK) as an alternative to
certificates (either add on to 233, or a new test)
- add an optional QMP parameter for specifying the hostname to validate
a certificate against when using a Unix socket with TLS (compare
tls-hostname added to 'migrate'), rather than the current restriction
that using TLS with an NBD client requires TCP
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org