[Libguestfs] [PATCH] client: Don't confuse Unix socket with TLS hostname

Eric Blake eblake at redhat.com
Thu Sep 2 22:07:29 UTC 2021

When using -u but not -H, we were ending up calling
gnutls_session_set_verify_cert() with the Unix socket's path name,
which is bound to fail (hostnames don't start with /).  Saner is to
only default tlshostname when using TCP sockets.

See also https://gitlab.com/nbdkit/nbdkit/-/issues/1, as this was
detected during an attempt to prove TLS interoperability between
nbd-client and nbdkit.  Pre-patch, I have to add '-H localhost' to the
nbd-client command line when using nbdkit with a Unix socket, but not
when using a TCP socket; post-patch, I can omit -H and still connect
/dev/nbd0 over TLS using either TCP or Unix.

Signed-off-by: Eric Blake <eblake at redhat.com>
 nbd-client.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nbd-client.c b/nbd-client.c
index e9079a9..463ff86 100644
--- a/nbd-client.c
+++ b/nbd-client.c
@@ -1186,7 +1186,7 @@ int main(int argc, char *argv[]) {

-        if (!tlshostname && hostname)
+        if (!tlshostname && hostname && !b_unix)
                 tlshostname = strdup(hostname);

 	if (netlink)

More information about the Libguestfs mailing list