[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-block] [PATCH 12/15] nbd: implement TLS support in the protoco
|
From: |
Wouter Verhelst |
|
Subject: |
Re: [Qemu-block] [PATCH 12/15] nbd: implement TLS support in the protocol negotiation |
|
Date: |
Sat, 28 Nov 2015 11:28:55 +0100 |
|
User-agent: |
Mutt/1.5.24 (2015-08-30) |
Minor nitpick:
On Fri, Nov 27, 2015 at 12:20:50PM +0000, Daniel P. Berrange wrote:
[...]
> @@ -563,6 +659,14 @@ static int nbd_receive_options(NBDClient *client)
> case NBD_OPT_EXPORT_NAME:
> return nbd_handle_export_name(client, length);
>
> + case NBD_OPT_STARTTLS:
> + if (client->tlscreds) {
> + TRACE("TLS already enabled");
> + } else {
> + TRACE("TLS not configured");
> + }
> + nbd_send_rep(client->ioc, NBD_REP_ERR_UNSUP, clientflags);
NBD_REP_ERR_UNSUP is supposed to be reserved as the default reply for
replies unknown to a server implementation (i.e., it's "this request is
not supported by this server"). Trying to negotiate TLS in a TLS channel
would be NBD_REP_ERR_INVALID ("invalid request"). Trying to negotiate
TLS when no TLS configuration is available server-side would be
NBD_REP_ERR_POLICY ("request not allowed by server-side policy").
Keeping to these error codes would allow a client to provide more useful
information to a user beyond "haha it fail"; but I suppose there can be
arguments for not doing so, too.
Beyond this and the default export that I talked about earlier, no
comments.
--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
- [Qemu-block] [PATCH 05/15] nbd: convert blockdev NBD server to use I/O channels for connection setup, (continued)
- [Qemu-block] [PATCH 05/15] nbd: convert blockdev NBD server to use I/O channels for connection setup, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 02/15] qemu-nbd: add support for --object command line arg, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 07/15] nbd: invert client logic for negotiating protocol version, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 06/15] nbd: convert to using I/O channels for actual socket I/O, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 08/15] nbd: make server compliant with fixed newstyle spec, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 09/15] nbd: make client request fixed new style if advertized, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 11/15] nbd: pick first exported volume if no export name is requested, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 10/15] nbd: allow setting of an export name for qemu-nbd server, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 13/15] nbd: enable use of TLS with NBD block driver, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 12/15] nbd: implement TLS support in the protocol negotiation, Daniel P. Berrange, 2015/11/27
- Re: [Qemu-block] [PATCH 12/15] nbd: implement TLS support in the protocol negotiation,
Wouter Verhelst <=
- [Qemu-block] [PATCH 14/15] nbd: enable use of TLS with qemu-nbd server, Daniel P. Berrange, 2015/11/27
- [Qemu-block] [PATCH 15/15] nbd: enable use of TLS with nbd-server-start command, Daniel P. Berrange, 2015/11/27
- Re: [Qemu-block] [PATCH 00/15] Implement TLS support to QEMU NBD server & client, Wouter Verhelst, 2015/11/27