Displaying 16 results from an estimated 16 matches for "tls_psk".
2018 Jun 25
2
[PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
This is ready for review but needs a bit more real-world testing
before I'd be happy about it going upstream. It also needs tests.
It does interoperate with qemu, at least in my limited tests.
Rich.
2018 Jun 25
0
[PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
...;
#include <errno.h>
#include <sys/types.h>
#include <assert.h>
@@ -51,7 +53,12 @@
#include <gnutls/gnutls.h>
+static int crypto_auth = 0;
+#define CRYPTO_AUTH_CERTIFICATES 1
+#define CRYPTO_AUTH_PSK 2
+
static gnutls_certificate_credentials_t x509_creds;
+static gnutls_psk_server_credentials_t psk_creds;
static void print_gnutls_error (int err, const char *fs, ...)
__attribute__((format (printf, 2, 3)));
@@ -147,23 +154,9 @@ load_certificates (const char *path)
return 1;
}
-/* Initialize crypto. This also handles the command line parameters
- * and loadi...
2018 Jun 25
1
[PATCH v2 nbdkit] tls: Implement Pre-Shared Keys (PSK)
v2:
* Improved documentation.
* Added a test (interop with qemu client).
2020 Aug 28
4
[nbdkit PATCH 0/3] .list_exports in nbd plugin
Another series on top of my exportname filter, marking off another
todo bullet point. With this, you can now use the NBD plugin as a
transparent passthrough of all export names served by the remote
server in both directions (list advertisement server to client, and
export name from client to server).
Eric Blake (3):
nbd: Implement .default_export, .export_description
nbd: Add
2018 Jun 28
3
Re: [PATCH nbdkit] tls: Implement Pre-Shared Keys (PSK) authentication.
....bss into .data for a
larger binary, although gcc has options for changing this).
> +static int
> +start_psk (void)
> +{
> + int err;
> + CLEANUP_FREE char *abs_psk_file = NULL;
> +
> + /* Make sure the path to the PSK file is absolute. */
> + abs_psk_file = realpath (tls_psk, NULL);
> + if (abs_psk_file == NULL) {
> + perror (tls_psk);
> + exit (EXIT_FAILURE);
> + }
> +
> + err = gnutls_psk_allocate_server_credentials (&psk_creds);
> + if (err < 0) {
> + print_gnutls_error (err, "allocating PSK credentials");
> +...
2019 Aug 15
3
[nbdkit PATCH] nbd: Another libnbd version bump
...;
+ tls = r ? LIBNBD_TLS_ALLOW : LIBNBD_TLS_DISABLE;
}
}
else if (strcmp (key, "tls-certificates") == 0) {
@@ -245,8 +246,9 @@ nbdplug_config_complete (void)
export = "";
if (tls == -1)
- tls = tls_certificates || tls_verify >= 0 || tls_username || tls_psk;
- if (tls > 0) {
+ tls = (tls_certificates || tls_verify >= 0 || tls_username || tls_psk)
+ ? LIBNBD_TLS_ALLOW : LIBNBD_TLS_DISABLE;
+ if (tls != LIBNBD_TLS_DISABLE) {
struct nbd_handle *nbd = nbd_create ();
if (!nbd) {
@@ -345,23 +347,12 @@ nbdplug_reader (void *handle)...
2019 Jan 01
2
[PATCH nbdkit] server: Use bool for types which are really booleans.
...const char *ipaddr;
extern enum log_to log_to;
-extern int newstyle;
+extern bool newstyle;
extern const char *port;
-extern int readonly;
+extern bool readonly;
extern const char *selinux_label;
+extern int threads;
extern int tls;
extern const char *tls_certificates_dir;
extern const char *tls_psk;
-extern int tls_verify_peer;
+extern bool tls_verify_peer;
extern char *unixsocket;
-extern int verbose;
-extern int threads;
+extern bool verbose;
extern volatile int quit;
extern int quit_fd;
-extern int forked_into_background;
+extern bool forked_into_background;
extern struct backend...
2019 Jun 18
0
[nbdkit PATCH] Experiment: nbd: Use ppoll() instead of pipe-to-self
...;libnbd.h>
@@ -67,7 +68,6 @@ struct handle {
/* These fields are read-only once initialized */
struct nbd_handle *nbd;
int fd; /* Cache of nbd_aio_get_fd */
- int fds[2]; /* Pipe for kicking the reader thread */
bool readonly;
pthread_t reader;
@@ -105,6 +105,15 @@ static char *tls_psk;
static struct handle *nbdplug_open_handle (int readonly);
static void nbdplug_close_handle (struct handle *h);
+/* Original signal mask, with SIGUSR1 unblocked */
+static sigset_t origmask;
+
+/* No-op signal handler for interrupting ppoll on SIGUSR1 */
+static void
+nbdplug_sigusr1 (int sig)
+...
2019 Jun 12
8
[nbdkit PATCH v3 0/5] Play with libnbd for nbdkit-nbd
libnbd-0.1.4-1 is now available in Fedora 29/30 updates testing.
Diffs since v2 - rebase to master, bump from libnbd 0.1.2 to 0.1.3+,
add tests to TLS usage which flushed out the need to turn relative
pathnames into absolute, doc tweaks
Now that the testsuite covers TLS and libnbd has been fixed to provide
the things I found lacking when developing v2, I'm leaning towards
pushing this on
2019 Sep 23
2
[PATCH nbdkit v2] server: public: Add nbdkit_parse_* functions for safely parsing integers.
...- a/server/internal.h
+++ b/server/internal.h
@@ -98,7 +98,7 @@ extern bool read_only;
extern const char *run;
extern bool listen_stdin;
extern const char *selinux_label;
-extern int threads;
+extern unsigned threads;
extern int tls;
extern const char *tls_certificates_dir;
extern const char *tls_psk;
diff --git a/server/main.c b/server/main.c
index d433c1f..975716d 100644
--- a/server/main.c
+++ b/server/main.c
@@ -76,7 +76,7 @@ bool read_only; /* -r */
const char *run; /* --run */
bool listen_stdin; /* -s */
const char *selinux_label; /* --s...
2019 May 30
5
[nbdkit PATCH 0/4] Play with libnbd for nbdkit-add
Patch 1 played with an early draft of Rich's Fedora 30 libnbd package:
https://bugzilla.redhat.com/show_bug.cgi?id=1713767#c17
Note that comment 21 provides a newer package 0.1.1-1 with a different
API; and that libnbd has more unreleased API changes in the pipeline
(whether that will be called 0.2 or 0.1.2); so we'll have to tweak
things based on what is actually available in distros.
2019 Jun 02
5
[nbdkit PATCH v2 0/5] Play with libnbd for nbdkit-nbd
libnbd-0.1.2-1 is now available in Fedora 29/30 updates-testing,
although it was not compiled against libxml2 so it lacks uri support
(I ended up testing patch 4 with a self-built libnbd).
Diffs since v1 - rebase to master, bump from libnbd 0.1 to 0.1.2, add
URI support, better timing results
Still not done - patch 5 needs associated tests
Eric Blake (5):
nbd: Check for libnbd
nbd:
2019 Sep 23
2
Re: [PATCH nbdkit] server: public: Add nbdkit_parse_* functions for safely parsing integers.
On Mon, Sep 23, 2019 at 12:05:11PM -0500, Eric Blake wrote:
> > + int nbdkit_parse_long (const char *what, const char *str, long *r);
> > + int nbdkit_parse_unsigned_long (const char *what,
> > + const char *str, unsigned long *r);
>
> Do we really want to encourage the use of parse_long and
> parse_unsigned_long? Those differ between
2020 Sep 21
18
[nbdkit PATCH v3 00/14] exportname filter
It's been several weeks since I posted v2 (I got distracted by
improving libnbd to better test things, which in turn surfaced some
major memory leak problems in nbdsh that are now fixed). Many of the
patches are minor rebases from v2, with the biggest changes being
fallout from:
- patch 2: rename nbdkit_add_default_export to nbdkit_use_default_export
- overall: this missed 1.22, so update
2019 Sep 21
2
[PATCH nbdkit] server: public: Add nbdkit_parse_* functions for safely parsing integers.
...- a/server/internal.h
+++ b/server/internal.h
@@ -98,7 +98,7 @@ extern bool read_only;
extern const char *run;
extern bool listen_stdin;
extern const char *selinux_label;
-extern int threads;
+extern unsigned threads;
extern int tls;
extern const char *tls_certificates_dir;
extern const char *tls_psk;
diff --git a/server/main.c b/server/main.c
index d433c1f..975716d 100644
--- a/server/main.c
+++ b/server/main.c
@@ -76,7 +76,7 @@ bool read_only; /* -r */
const char *run; /* --run */
bool listen_stdin; /* -s */
const char *selinux_label; /* --s...
2020 Jul 01
15
[PATCH nbdkit 0/9] nbd: Implement command= and socket-fd= parameters.
I fixed the deadlock - turned out to be an actual bug in the nbd
plugin (see patch 8).
I changed the command syntax so it's now:
nbdkit nbd command=qemu arg=-f arg=qcow2 arg=/path/to/disk.qcow2
Nir wrote:
18:08 < nsoffer> rwmjones: regarding the nbd proxy patches, did you have specific flow that help us?
18:08 < nsoffer> rwmjones: or this is just a way to support qcow2 in the