On 9/17/19 5:35 PM, Richard W.M. Jones wrote:
This neutral refactoring adds -DTLS_MODE. We can in future change the
requested TLS mode, but not in this commit.
It also checks that nbd_get_tls_negotiated returns true after
connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE.
---
interop/Makefile.am | 4 ++++
interop/interop.c | 26 ++++++++++++++++++++------
2 files changed, 24 insertions(+), 6 deletions(-)
+#if CERTS || PSK
+#define TLS 1
+#ifndef TLS_MODE
+#error "TLS_MODE must be defined when using CERTS || PSK"
+#endif
+#endif
+
int
main (int argc, char *argv[])
{
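Review bot: the `#error` guard added at the top only fires when TLS_MODE is missing while CERTS or PSK is set; the opposite mistake, a target that passes -DTLS_MODE but sets neither CERTS nor PSK, leaves TLS undefined and skips the `#if TLS` block with no diagnostic. Since the macro exists to pin the mode under test, consider an `#elif defined TLS_MODE` arm with its own `#error`, plus an explicit `#define TLS 0` in the non-TLS case so the later `#if TLS` does not rely on an undefined macro evaluating to zero (which -Wundef flags).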
@@ -73,15 +80,12 @@ main (int argc, char *argv[])
}
#endif
-#if CERTS || PSK
- /* Require TLS on the handle and fail if not available or if the
- * handshake fails.
- */
+#if TLS
if (nbd_supports_tls (nbd) != 1) {
fprintf (stderr, "skip: compiled without TLS support\n");
exit (77);
}
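Review bot: the comment removed just above `#if TLS` was the only statement that this block is meant to fail closed ("fail if not available or if the handshake fails"), and nothing replaces it now that the mode comes from TLS_MODE. A short comment saying which TLS_MODE values the block is expected to handle, and whether the exit (77) skip is intended for every one of them, would make the expected behaviour visible next to the check.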
This skips the test if we are compiled without TLS support, even if
TLS_ALLOW was requested. What behavior do we really want there? Is
TLS_ALLOW unconditionally falling back to plaintext okay, or do we only
want to permit TLS_ALLOW if TLS support is at least plausible?
Otherwise, the series is fine.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org