On Thu, Mar 03, 2022 at 04:03:19PM +0000, Daniel P. Berrangé wrote: > Currently the TLS session object assumes that the caller will always > provide a hostname when using x509 creds on a client endpoint. This > relies on the caller to detect and report an error if the user has > configured QEMU with x509 credentials on a UNIX socket. The migration > code has such a check, but it is too broad, reporting an error when > the user has configured QEMU with PSK credentials on a UNIX socket, > where hostnames are irrelevant. > > Putting the check into the TLS session object credentials validation > code ensures we report errors in only the scenario that matters. > > Signed-off-by: Daniel P. Berrangé <[email protected]> > --- > crypto/tlssession.c | 6 ++++++ > 1 file changed, 6 insertions(+)
Reviewed-by: Eric Blake <[email protected]> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
