[Libguestfs] Re: [PATCH nbdkit 1/3] server/uri.c: Append tls-certificates or tls-psk-key parameter to $uri

On Thu, May 16, 2024 at 11:12:55AM +0100, Daniel P. Berrangé wrote: > I don't believe QEMU complains about unknown URI query > parameters, though I might make the argument that it should > complain about anything unknown as an aid to dianose user > errors. I'm not planning any such change myself though. Let me actually look at what qemu does ... qemu has partial support for NBD URIs (https://github.com/NetworkBlockDevice/nbd/blob/master/doc/uri.md) It supports nbd://, nbd+unix://, and nbd+tcp:// (non-standard). It supports server, port, export name, and ?socket. It doesn't support TLS username or any tls-* parameters, but since it doesn't support nbds:// (ie. TLS) via URIs that doesn't matter at the moment. tls-certificates and tls-psk-file are strictly libnbd extensions, and libnbd doesn't support tls-type=anon|x509|psk. So there's a bit of work for both libnbd & qemu to get fully compliant TLS support. Using the separate -object argument is painful and obscure for users. Is there a reason why qemu could never support tls-certificates=<path> or tls-psk-file=<filename> in future? For example that it's architecturally difficult for qemu to work this way?