[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 07/18] migration: fix use of TLS PSK credentials with a UNIX
From: |
Daniel P . Berrangé |
Subject: |
Re: [PATCH 07/18] migration: fix use of TLS PSK credentials with a UNIX socket |
Date: |
Mon, 7 Mar 2022 10:08:03 +0000 |
User-agent: |
Mutt/2.1.5 (2021-12-30) |
On Mon, Mar 07, 2022 at 03:08:53PM +0800, Peter Xu wrote:
> On Wed, Mar 02, 2022 at 05:49:21PM +0000, Daniel P. Berrangé wrote:
> > The migration TLS code has a check mandating that a hostname be
> > available when starting a TLS session. This is expected when using
> > x509 credentials, but is bogus for PSK and anonymous credentials
> > as neither involve hostname validation.
> >
> > The TLS crdentials object gained suitable error reporting in the
> > case of TLS with x509 credentials, so there is no longer any need
> > for the migration code to do its own (incorrect) validation.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>
> Do we need a Fixes tag for this?
It is fuzzy as we never really intended for UNIX sockets to use TLS
originally.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- [PATCH 01/18] tests: fix encoding of IP addresses in x509 certs, (continued)
- [PATCH 01/18] tests: fix encoding of IP addresses in x509 certs, Daniel P . Berrangé, 2022/03/02
- [PATCH 02/18] tests: improve error message when saving TLS PSK file fails, Daniel P . Berrangé, 2022/03/02
- [PATCH 03/18] tests: support QTEST_TRACE env variable, Daniel P . Berrangé, 2022/03/02
- [PATCH 05/18] tests: add more helper macros for creating TLS x509 certs, Daniel P . Berrangé, 2022/03/02
- [PATCH 06/18] crypto: mandate a hostname when checking x509 creds on a client, Daniel P . Berrangé, 2022/03/02
- [PATCH 07/18] migration: fix use of TLS PSK credentials with a UNIX socket, Daniel P . Berrangé, 2022/03/02
- [PATCH 08/18] tests: merge code for UNIX and TCP migration pre-copy tests, Daniel P . Berrangé, 2022/03/02
- [PATCH 09/18] tests: introduce ability to provide hooks for migration precopy test, Daniel P . Berrangé, 2022/03/02
- [PATCH 10/18] tests: switch migration FD passing test to use common precopy helper, Daniel P . Berrangé, 2022/03/02
- [PATCH 11/18] tests: expand the migration precopy helper to support failures, Daniel P . Berrangé, 2022/03/02