diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2022-03-09 11:38:29 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2022-03-09 11:38:29 +0000 |
| commit | fdee2c96923dfd38aa7a264abb7de6d403f81c4d (patch) | |
| tree | 741d5162d0fc6dc79f387287ccb0ca8c52d69a7d /crypto | |
| parent | f14ad81eed531adc9b3ae2af76cd52cfad5c9ae5 (diff) | |
| parent | 395aecd037dc35d110b8e1e8cc7d20c1082894b5 (diff) | |
| download | qemu-fdee2c96923dfd38aa7a264abb7de6d403f81c4d.zip qemu-fdee2c96923dfd38aa7a264abb7de6d403f81c4d.tar.gz qemu-fdee2c96923dfd38aa7a264abb7de6d403f81c4d.tar.bz2 | |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2022-03-07' into staging
nbd patches for 2022-03-07
- Dan Berrange: Allow qemu-nbd to support TLS over Unix sockets
- Eric Blake: Minor cleanups related to 64-bit block operations
# gpg: Signature made Tue 08 Mar 2022 01:41:35 GMT
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A
* remotes/ericb/tags/pull-nbd-2022-03-07:
qemu-io: Allow larger write zeroes under no fallback
qemu-io: Utilize 64-bit status during map
nbd/server: Minor cleanups
tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK
tests/qemu-iotests: validate NBD TLS with UNIX sockets
tests/qemu-iotests: validate NBD TLS with hostname mismatch
tests/qemu-iotests: convert NBD TLS test to use standard filters
tests/qemu-iotests: introduce filter for qemu-nbd export list
tests/qemu-iotests: expand _filter_nbd rules
tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file
block/nbd: don't restrict TLS usage to IP sockets
qemu-nbd: add --tls-hostname option for TLS certificate validation
block/nbd: support override of hostname for TLS certificate validation
block: pass desired TLS hostname through from block driver client
crypto: mandate a hostname when checking x509 creds on a client
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/tlssession.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/tlssession.c b/crypto/tlssession.c index a8db8c7..b302d83 100644 --- a/crypto/tlssession.c +++ b/crypto/tlssession.c @@ -373,6 +373,12 @@ qcrypto_tls_session_check_certificate(QCryptoTLSSession *session, session->hostname); goto error; } + } else { + if (session->creds->endpoint == + QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) { + error_setg(errp, "No hostname for certificate validation"); + goto error; + } } } |