search for: nbd_get_tls_negoti

.../interop/interop-qemu-nbd /interop/interop-qemu-nbd-tls-certs diff --git a/TODO b/TODO index 21feb2f..642d39f 100644 --- a/TODO +++ b/TODO @@ -17,9 +17,6 @@ NBD_INFO_BLOCK_SIZE. TLS should properly shut down the session (calling gnutls_bye). -LIBNBD_TLS_ALLOW is not tested. Related to this, -nbd_get_tls_negotiated is not tested. - Implement nbd_connect + systemd socket activation. Improve function trace output so that: diff --git a/interop/Makefile.am b/interop/Makefile.am index 8a5b787..43350a8 100644 --- a/interop/Makefile.am +++ b/interop/Makefile.am @@ -145,17 +145,25 @@ if HAVE_GNUTLS if HAVE_C...

I was a little surprised to find that LIBNBD_TLS_ALLOW worked out of the box, so I had to examine the logs whereupon I saw the magic message ... libnbd: debug: nbd1: nbd_connect_command: server refused TLS (policy), continuing with unencrypted connection I don't believe this path has ever been tested before. It's possible the tests could be improved if they actually checked for this

...| 3 +++ 5 files changed, 43 insertions(+), 4 deletions(-) diff --git a/TODO b/TODO index 642d39f..21feb2f 100644 --- a/TODO +++ b/TODO @@ -17,6 +17,9 @@ NBD_INFO_BLOCK_SIZE. TLS should properly shut down the session (calling gnutls_bye). +LIBNBD_TLS_ALLOW is not tested. Related to this, +nbd_get_tls_negotiated is not tested. + Implement nbd_connect + systemd socket activation. Improve function trace output so that: diff --git a/generator/generator b/generator/generator index 87a8cdf..28248ed 100755 --- a/generator/generator +++ b/generator/generator @@ -1132,17 +1132,42 @@ TLS are not handled aut...

This neutral refactoring adds -DTLS_MODE. We can in future change the requested TLS mode, but not in this commit. It also checks that nbd_get_tls_negotiated returns true after connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE. --- interop/Makefile.am | 4 ++++ interop/interop.c | 26 ++++++++++++++++++++------ 2 files changed, 24 insertions(+), 6 deletions(-) diff --git a/interop/Makefile.am b/interop/Makefile.am index 9cb8071....

Similar to nbd_get_tls_negotiated, for observing what we actually settled on with the server, rather than what was requested. --- generator/generator | 30 +++++++++++++++++++++++++----- lib/handle.c | 6 ++++++ tests/meta-base-allocation.c | 15 +++++++++++++++ tests/oldstyle.c | 7 +++++...

On 9/17/19 5:35 PM, Richard W.M. Jones wrote: > This neutral refactoring adds -DTLS_MODE. We can in future change the > requested TLS mode, but not in this commit. > > It also checks that nbd_get_tls_negotiated returns true after > connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE. > --- > interop/Makefile.am | 4 ++++ > interop/interop.c | 26 ++++++++++++++++++++------ > 2 files changed, 24 insertions(+), 6 deletions(-) > +#if CERTS || PSK > +#define TLS 1 &...

...) nbd_set_request_structured_replies(3) nbd_get_structured_replies_negotiated(3) Can be used when testing NBD servers to avoid various NBD features (Eric Blake). nbd_get_protocol(3) Get the NBD protocol variant that the server supports. nbd_get_tls_negotiated(3) Did we actually negotiate a TLS connection? nbd_set_uri_allow_local_file(3) nbd_set_uri_allow_tls(3) nbd_set_uri_allow_transports(3) These can be used to filter NBD URIs before calling nbd_connect_uri(3). New features New tool...

This rounds up the remaining bugs that I originally identified in: https://www.redhat.com/archives/libguestfs/2020-July/msg00153.html Eric Blake (4): api: Permit export list APIs when Connected info: Support --list with serializing servers info: Fix --json output when list size != 1 info: Permit --size --json generator/API.ml | 6 +++--- info/info-list-json.sh | 9 +++++++++

...t; ]; ret = RErr; - permitted_states = [ Created ]; + permitted_states = [ Created; Negotiating ]; shortdesc = "set the export name"; longdesc = "\ For servers which require an export name or can serve different @@ -361,7 +362,7 @@ on a particular connection use L<nbd_get_tls_negotiated(3)> instead."; "get_tls_negotiated", { default_call with args = []; ret = RBool; - permitted_states = [ Connected; Closed ]; + permitted_states = [ Negotiating; Connected; Closed ]; shortdesc = "find out if TLS was negotiated on a connection";...

This is a subset of my v2 posting, but limited to just the NBD_OPT_LIST handling. The biggest change since v2 is the addition of added unit testing in all four language bindings (C, python, ocaml, golang). The tests require nbdkit built from git on PATH, and may not be entirely idiomatic, but I at least validated that they catch issues (for example, adding an exit statement near the end of the

Well, I'm not quite done (I still want to get nbdinfo to work on a single nbd connection for all cases when reading the heads of the file is not required), but I'm happy with patches 1-11, and 12-13 show where I'm headed for getting NBD_OPT_INFO to work. Posting now to see if some of the earlier patches are ready to commit while I continue working on the latter half. Eric Blake (13):