On Sat, Nov 28, 2015 at 11:28:55AM +0100, Wouter Verhelst wrote:
> Minor nitpick:
>
> On Fri, Nov 27, 2015 at 12:20:50PM +0000, Daniel P. Berrange wrote:
> [...]
> > @@ -563,6 +659,14 @@ static int nbd_receive_options(NBDClient *client) > > case NBD_OPT_EXPORT_NAME: > > return nbd_handle_export_name(client, length); > > > > + case NBD_OPT_STARTTLS: > > + if (client->tlscreds) { > > + TRACE("TLS already enabled"); > > + } else { > > + TRACE("TLS not configured"); > > + } > > + nbd_send_rep(client->ioc, NBD_REP_ERR_UNSUP, clientflags);
>
> NBD_REP_ERR_UNSUP is supposed to be reserved as the default reply for
> replies unknown to a server implementation (i.e., it's "this request is
> not supported by this server"). Trying to negotiate TLS in a TLS channel
> would be NBD_REP_ERR_INVALID ("invalid request"). Trying to negotiate
> TLS when no TLS configuration is available server-side would be
> NBD_REP_ERR_POLICY ("request not allowed by server-side policy").
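
Review bot: in the NBD_OPT_STARTTLS case the single nbd_send_rep() call sits after the if/else, so the "TLS already enabled" and "TLS not configured" branches differ only in their TRACE text and the client receives the same reply for both. Move the reply into each branch so the two conditions can be reported separately. In the lines quoted here this case also neither uses `length` nor captures the result of nbd_send_rep(), unlike NBD_OPT_EXPORT_NAME just above, which passes `length` on and returns the handler's result; any option payload should be read or rejected before the next option is parsed, and a failed send should be propagated to the caller.
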
Yep that makes sense.

> Beyond this and the default export that I talked about earlier, no
> comments.

Ok, thanks for taking the time to look at this.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|