[Libguestfs] [PATCH] client: Don't confuse Unix socket with TLS hostname

Wouter Verhelst w at uter.be
Fri Sep 3 10:06:14 UTC 2021


Ack, thanks -- please commit.

On Thu, Sep 02, 2021 at 05:07:29PM -0500, Eric Blake wrote:
> When using -u but not -H, we were ending up calling
> gnutls_session_set_verify_cert() with the Unix socket's path name,
> which is bound to fail (hostnames don't start with /).  Saner is to
> only default tlshostname when using TCP sockets.
> 
> See also https://gitlab.com/nbdkit/nbdkit/-/issues/1, as this was
> detected during an attempt to prove TLS interoperability between
> nbd-client and nbdkit.  Pre-patch, I have to add '-H localhost' to the
> nbd-client command line when using nbdkit with a Unix socket, but not
> when using a TCP socket; post-patch, I can omit -H and still connect
> /dev/nbd0 over TLS using either TCP or Unix.
> 
> Signed-off-by: Eric Blake <eblake at redhat.com>
> ---
>  nbd-client.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/nbd-client.c b/nbd-client.c
> index e9079a9..463ff86 100644
> --- a/nbd-client.c
> +++ b/nbd-client.c
> @@ -1186,7 +1186,7 @@ int main(int argc, char *argv[]) {
>  		}
>  	}
> 
> -        if (!tlshostname && hostname)
> +        if (!tlshostname && hostname && !b_unix)
>                  tlshostname = strdup(hostname);
> 
>  	if (netlink)
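
Review bot: The new `!b_unix` test in `if (!tlshostname && hostname && !b_unix)` leaves tlshostname NULL whenever -u is given without -H, and nothing in the hunk says what that means for matching the server certificate's name. The commit message says the TLS connection then succeeds, so whether a name is checked at all depends on how the later TLS setup treats a NULL tlshostname, which is not visible here. A short comment above the condition, plus a line in the documentation for -u and -H, should say that no name is chosen by default over a Unix socket and that -H must be passed if the certificate name is to be matched. Separately, the unchanged `tlshostname = strdup(hostname);` line does not check for a NULL return, so on the TCP path an allocation failure would quietly end up in the same no-default-name state; an explicit error exit there would be safer.
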
> -- 
> 2.31.1
> 
> 

-- 
     w at uter.{be,co.za}
wouter@{grep.be,fosdem.org,debian.org}



