[Libguestfs] [PATCH] client: Don't confuse Unix socket with TLS hostname
Eric Blake
eblake at redhat.com
Thu Sep 2 22:07:29 UTC 2021
When using -u but not -H, we were ending up calling
gnutls_session_set_verify_cert() with the Unix socket's path name,
which is bound to fail (hostnames don't start with /). Saner is to
only default tlshostname when using TCP sockets.
See also https://gitlab.com/nbdkit/nbdkit/-/issues/1, as this was
detected during an attempt to prove TLS interoperability between
nbd-client and nbdkit. Pre-patch, I have to add '-H localhost' to the
nbd-client command line when using nbdkit with a Unix socket, but not
when using a TCP socket; post-patch, I can omit -H and still connect
/dev/nbd0 over TLS using either TCP or Unix.
Signed-off-by: Eric Blake <eblake at redhat.com>
---
nbd-client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nbd-client.c b/nbd-client.c
index e9079a9..463ff86 100644
--- a/nbd-client.c
+++ b/nbd-client.c
@@ -1186,7 +1186,7 @@ int main(int argc, char *argv[]) {
}
}
- if (!tlshostname && hostname)
+ if (!tlshostname && hostname && !b_unix)
tlshostname = strdup(hostname);
if (netlink)
--
2.31.1
More information about the Libguestfs
mailing list