On 3/31/20 3:30 AM, Markus Armbruster wrote:
> Eric Blake <ebl...@redhat.com> writes:
>
>> Gnutls documents that applications that want to distinguish between a
>> clean end-of-communication and a malicious client abruptly tearing the
>> underlying transport out of under our feet need to use gnutls_bye().
>> Our channel code is already set up to allow shutdown requests, but we
>> weren't forwarding those to gnutls. To make that work, we first need
>> a new entry point that can isolate the rest of our code from the
>> gnutls interface.
+int qcrypto_tls_session_shutdown(QCryptoTLSSession *session,
+ QCryptoShutdownMode how)
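
Review bot: the new qcrypto_tls_session_shutdown() declaration returns a bare int and takes no Error **errp, so the prototype does not tell the caller how a failed shutdown is reported. Because this wraps gnutls_bye(), which can return GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED on a non-blocking transport, the header comment should spell out the return contract (success, retry needed, fatal error) and say which direction each QCryptoShutdownMode value closes. Consider adding an errp parameter so that a close_notify that could not be sent is not silently ignored.
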
> This is a thin wrapper around gnutls_bye(). I understand this is an
> abstraction layer backed by GnuTLS. Not sure abstracting from just one
> concrete thing is a good idea, but that's way out of scope here.

If we ever add an alternative TLS implementation to gnutls, then the
abstraction is useful. But I'm not sure how likely that is, so maybe
Dan has more insight why he chose this design originally.

> In scope: why do you need QCryptoShutdownMode to be a QAPI type?

I don't, other than the fact that other TLS parameters were also QAPI
types (such as QCryptoTLSCredsEndpoint).
But that may be moot, as Dan argued that this series adds more
complexity than it is worth (I originally wrote it while trying to debug
an nbdkit bug; but in the meantime, I have fixed the nbdkit bug without
any change to qemu behavior). So at this point, I will probably not be
posting a v2 of this series.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org