[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH libnbd 5/5] interop: Add tests of nbdkit + LIBNBD_TLS_ALLOW.



On 9/17/19 5:35 PM, Richard W.M. Jones wrote:
> Test both the TLS enabled and fallback paths.
> 
> nbd-server doesn't appear to support TLS at all, and qemu-nbd is known
> not to allow fallback to unencrypted, and therefore it only makes
> sense to test nbdkit at the moment.
> ---
>  .gitignore          |  4 ++++

> +interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c
> +interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \
> +	-I$(top_srcdir)/include \
> +	-DSERVER=\"$(NBDKIT)\" \
> +	-DSERVER_PARAMS='"--tls=require", "--tls-certificates=../tests/pki", "-s", "--exit-with-parent", "file", tmpfile' \

Is it worth testing nbdkit's --tls=yes (the counterpart to libnbd
TLS_ALLOW), to show that a server that permits but does not require
encryption can accept a plaintext client?

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3226
Virtualization:  qemu.org | libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]