Re: [Libguestfs] [PATCH libnbd 5/5] interop: Add tests of nbdkit + LIBNBD_TLS_ALLOW.
On 9/17/19 5:35 PM, Richard W.M. Jones wrote:
Test both the TLS enabled and fallback paths.
nbd-server doesn't appear to support TLS at all, and qemu-nbd is known
not to allow fallback to unencrypted, and therefore it only makes
sense to test nbdkit at the moment.
---
.gitignore | 4 ++++
+interop_nbdkit_tls_certs_allow_enabled_SOURCES = interop.c
+interop_nbdkit_tls_certs_allow_enabled_CPPFLAGS = \
+ -I$(top_srcdir)/include \
+ -DSERVER=\"$(NBDKIT)\" \
+ -DSERVER_PARAMS='"--tls=require",
"--tls-certificates=../tests/pki", "-s",
"--exit-with-parent", "file", tmpfile' \
Is it worth testing nbdkit's --tls=yes (the counterpart to libnbd
TLS_ALLOW), to show that a server that permits but does not require
encryption can accept a plaintext client?
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 488 bytes)