Re: [Qemu-devel] [PATCH v6 1/3] qemu-nbd: add support for authorization
From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH v6 1/3] qemu-nbd: add support for authorization of TLS clients
Date: Thu, 28 Feb 2019 12:20:16 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.5.0

On 2/27/19 10:43 AM, Eric Blake wrote:
>> @example
>> qemu-nbd \
>> --object tls-creds-x509,id=tls0,endpoint=server,dir=/path/to/qemutls \
>> - --tls-creds tls0 -t -x subset -p 10810 \
>> + --object 'authz-simple,id=auth0,identity=CN=laptop.example.com,,\
>> + O=Example Org,,L=London,,ST=London,,C=GB' \
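Review bot: In the two added `--object 'authz-simple,...` lines the identity is wrapped with a trailing backslash inside single quotes, where the shell keeps both the backslash and the newline as literal characters rather than joining the lines, so a copy-and-paste of this example passes a different `identity=` string than the one-line form would. Either keep the whole single-quoted argument on one line, or switch the example to double quotes, where the backslash-newline is removed and only the indentation of the second line ends up in the value.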
>
> A long line may be necessary here, unless the whitespace in the
> identity= parameter inserted by the line continuation is harmless. Long
> lines in man pages are annoying, but even worse is an example that
> copies-and-pastes incorrectly. I may just s/^ *O/O/.

I've just confirmed that whitespace in the identity= parameter is
harmless, via this change:

diff --git i/tests/qemu-iotests/233 w/tests/qemu-iotests/233
index 6adade45353..5e5fe1e8cdb 100755
--- i/tests/qemu-iotests/233
+++ w/tests/qemu-iotests/233
@@ -131,7 +131,8 @@ nbd_server_stop
nbd_server_start_tcp_socket \
--object
tls-creds-x509,dir=${tls_dir}/server1,endpoint=server,id=tls0,verify-peer=yes
\
- --object "authz-simple,identity=CN=localhost,,O=Cthulu Dark Lord
Enterprises client1,,L=R'lyeh,,C=South Pacific,id=authz0" \
+ --object "authz-simple,id=authz0,identity=CN=localhost,, \
+ O=Cthulu Dark Lord Enterprises client1,,L=R'lyeh,,C=South Pacific" \
--tls-authz authz0 \
--tls-creds tls0 \
-f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log"
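Review bot: The wrapped `identity=` value in the two added lines carries no comment saying the line break is deliberate, so a later tidy-up could rejoin it and silently drop the whitespace coverage; a short comment above this `nbd_server_start_tcp_socket` call would record the intent. The hunk also replaces the single-line form instead of adding a second case next to it, and because the argument is double-quoted the shell removes the backslash-newline, so what is exercised here is embedded spaces after `,,` only, not a literal backslash or newline inside the value.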

So I'll go ahead and tweak the patch along those lines.

--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org