On 8/10/19 8:02 AM, Richard W.M. Jones wrote:
This is the same, but now we have a symbol for it.
---
docs/libnbd.pod | 6 ++++--
interop/interop.c | 2 +-
lib/connect.c | 2 +-
tests/aio-parallel-load.c | 2 +-
tests/aio-parallel.c | 2 +-
tests/connect-tls.c | 2 +-
tests/synch-parallel.c | 2 +-
7 files changed, 10 insertions(+), 8 deletions(-)

ACK; could also be squashed with the previous one.

diff --git a/docs/libnbd.pod b/docs/libnbd.pod
index b42d000..01964de 100644
--- a/docs/libnbd.pod
+++ b/docs/libnbd.pod
@@ -522,8 +522,10 @@ and servers. Libnbd defaults to TLS I<disabled> for maximum
interoperability. To enable it on a handle you must call
C<nbd_set_tls> before connecting:
- nbd_set_tls (nbd, 1); // to allow TLS, but fall back to unencrypted
- nbd_set_tls (nbd, 2); // to require TLS, and fail otherwise
+ // to allow TLS, but fall back to unencrypted
+ nbd_set_tls (nbd, LIBNBD_TLS_ALLOW);

Again, probably worth calling attention to the fact that this one is a
potential security risk for MitM and should be avoided if that is a
concern. Maybe as simple as adding:

// warning: avoid this mode if man-in-the-middle attacks are a concern

+ // to require TLS, and fail otherwise
+ nbd_set_tls (nbd, LIBNBD_TLS_REQUIRE);
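
Review bot: the example leads with LIBNBD_TLS_ALLOW, whose own comment says it falls back to unencrypted, so the first line a reader is likely to copy is the one that does not guarantee encryption. Suggest listing the LIBNBD_TLS_REQUIRE call first and presenting LIBNBD_TLS_ALLOW second as the opportunistic variant. Both calls also discard the result of nbd_set_tls; if the call can fail, the snippet should show the check so that a copied example does not go on to connect without the requested mode.
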
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org