On Thu, Mar 03, 2022 at 04:03:23PM +0000, Daniel P. Berrangé wrote: > The TLS usage for NBD was restricted to IP sockets because validating > x509 certificates requires knowledge of the hostname that the client > is connecting to. > > TLS does not have to use x509 certificates though, as PSK (pre-shared > keys) provide an alternative credential option. These have no > requirement for a hostname and can thus be trivially used for UNIX > sockets. > > Furthermore, with the ability to overide the default hostname for > TLS validation in the previous patch, it is now also valid to want > to use x509 certificates with FD passing and UNIX sockets. > > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> > --- > block/nbd.c | 8 ++------ > blockdev-nbd.c | 6 ------ > qemu-nbd.c | 8 +++----- > 3 files changed, 5 insertions(+), 17 deletions(-)
Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
