diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2022-03-09 11:38:29 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2022-03-09 11:38:29 +0000 |
| commit | fdee2c96923dfd38aa7a264abb7de6d403f81c4d (patch) | |
| tree | 741d5162d0fc6dc79f387287ccb0ca8c52d69a7d /docs | |
| parent | f14ad81eed531adc9b3ae2af76cd52cfad5c9ae5 (diff) | |
| parent | 395aecd037dc35d110b8e1e8cc7d20c1082894b5 (diff) | |
Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2022-03-07' into staging
nbd patches for 2022-03-07
- Dan Berrange: Allow qemu-nbd to support TLS over Unix sockets
- Eric Blake: Minor cleanups related to 64-bit block operations
# gpg: Signature made Tue 08 Mar 2022 01:41:35 GMT
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A
* remotes/ericb/tags/pull-nbd-2022-03-07:
qemu-io: Allow larger write zeroes under no fallback
qemu-io: Utilize 64-bit status during map
nbd/server: Minor cleanups
tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK
tests/qemu-iotests: validate NBD TLS with UNIX sockets
tests/qemu-iotests: validate NBD TLS with hostname mismatch
tests/qemu-iotests: convert NBD TLS test to use standard filters
tests/qemu-iotests: introduce filter for qemu-nbd export list
tests/qemu-iotests: expand _filter_nbd rules
tests/qemu-iotests: add QEMU_IOTESTS_REGEN=1 to update reference file
block/nbd: don't restrict TLS usage to IP sockets
qemu-nbd: add --tls-hostname option for TLS certificate validation
block/nbd: support override of hostname for TLS certificate validation
block: pass desired TLS hostname through from block driver client
crypto: mandate a hostname when checking x509 creds on a client
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/tools/qemu-nbd.rst | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/docs/tools/qemu-nbd.rst b/docs/tools/qemu-nbd.rst index 6031f96893..2b8c90c354 100644 --- a/docs/tools/qemu-nbd.rst +++ b/docs/tools/qemu-nbd.rst @@ -169,6 +169,19 @@ driver options if ``--image-opts`` is specified. option; or provide the credentials needed for connecting as a client in list mode. +.. option:: --tls-hostname=hostname + + When validating an x509 certificate received over a TLS connection, + the hostname that the NBD client used to connect will be checked + against information in the server provided certificate. Sometimes + it might be required to override the hostname used to perform this + check. For example, if the NBD client is using a tunnel from localhost + to connect to the remote server, the `--tls-hostname` option should + be used to set the officially expected hostname of the remote NBD + server. This can also be used if accessing NBD over a UNIX socket + where there is no inherent hostname available. This is only permitted + when acting as a NBD client with the `--list` option. + .. option:: --fork Fork off the server process and exit the parent once the server is running. |