qemu-e2k/block
Daniel P. Berrangé a0cd6d2972 block/nbd: support override of hostname for TLS certificate validation
When connecting to an NBD server with TLS and x509 credentials,
the client must validate the hostname it uses for the connection,
against that published in the server's certificate. If the client
is tunnelling its connection over some other channel, however, the
hostname it uses may not match the info reported in the server's
certificate. In such a case, the user needs to explicitly set an
override for the hostname to use for certificate validation.

This is achieved by adding a 'tls-hostname' property to the NBD
block driver.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-4-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
..
export block/export/fuse.c: allow writable exports to take RESIZE permission 2022-03-04 18:18:25 +01:00
monitor block/dirty-bitmap: bdrv_merge_dirty_bitmap(): add return value 2022-03-07 09:33:30 +01:00
accounting.c block/accounting: Use lock guard macros 2020-12-11 17:52:39 +01:00
aio_task.c block/aio_task: assert max_busy_tasks is greater than 0 2021-10-05 18:56:41 +02:00
amend.c block/amend: Keep strong reference to BDS 2022-03-04 18:18:26 +01:00
backup.c assertions for block_int global state API 2022-03-04 18:18:25 +01:00
blkdebug.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blklogwrites.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blkreplay.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
blkverify.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
block-backend.c block/coroutines: I/O and "I/O or GS" API 2022-03-04 18:18:25 +01:00
block-copy.c block: intoduce reqlist 2022-03-07 09:33:30 +01:00
block-gen.h scripts: add block-coroutine-wrapper.py 2020-10-05 10:59:06 +01:00
bochs.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
cloop.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
commit.c assertions for block_int global state API 2022-03-04 18:18:25 +01:00
copy-before-write.c block: copy-before-write: realize snapshot-access API 2022-03-07 09:33:31 +01:00
copy-before-write.h block/copy-before-write.h: global state API + assertions 2022-03-04 18:18:25 +01:00
copy-on-read.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
copy-on-read.h copy-on-read: add filter drop function 2021-01-26 11:26:54 +01:00
coroutines.h block/coroutines: I/O and "I/O or GS" API 2022-03-04 18:18:25 +01:00
create.c block_int-common.h: assertions in the callers of BlockDriver function pointers 2022-03-04 18:18:25 +01:00
crypto.c crypto: distinguish between main loop and I/O in block_crypto_amend_options_generic_luks 2022-03-04 18:14:40 +01:00
crypto.h nomaintainer: Fix Lesser GPL version number 2020-11-15 17:04:40 +01:00
curl.c block/curl.c: Check error return from curl_easy_setopt() 2022-03-07 09:19:20 +01:00
dirty-bitmap.c block/dirty-bitmap: introduce bdrv_dirty_bitmap_status() 2022-03-07 09:33:30 +01:00
dmg-bz2.c
dmg-lzfse.c block: Remove unused include 2020-11-09 15:44:21 +01:00
dmg.c block: use int64_t instead of uint64_t in driver read handlers 2021-09-29 13:46:31 -05:00
dmg.h
file-posix.c block/file-posix: Simplify the XFS_IOC_DIOINFO handling 2022-01-12 14:09:04 +01:00
file-win32.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
filter-compress.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
gluster.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
io_uring.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
io.c block/io: introduce block driver snapshot-access API 2022-03-07 09:33:31 +01:00
iscsi-opts.c modules: add block module annotations 2021-07-09 18:20:27 +02:00
iscsi.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
linux-aio.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
meson.build block: introduce snapshot-access block driver 2022-03-07 09:33:31 +01:00
mirror.c assertions for block_int global state API 2022-03-04 18:18:25 +01:00
nbd.c block/nbd: support override of hostname for TLS certificate validation 2022-03-07 15:58:42 -06:00
nfs.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
null.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
nvme.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
parallels-ext.c parallels: support bitmap extension for read-only mode 2021-03-08 14:56:55 +01:00
parallels.c block: introduce bdrv_activate 2022-03-04 18:14:40 +01:00
parallels.h parallels: support bitmap extension for read-only mode 2021-03-08 14:56:55 +01:00
preallocate.c block: fix preallocate filter: don't do unaligned preallocate requests 2022-03-07 09:19:20 +01:00
progress_meter.c progressmeter: protect with a mutex 2021-06-25 14:24:24 +03:00
qapi-sysemu.c
qapi.c block: use GDateTime for formatting timestamp when dumping snapshot info 2021-06-14 13:28:50 +01:00
qcow2-bitmap.c nbd patches for 2021-03-09 2021-03-11 13:57:08 +00:00
qcow2-cache.c
qcow2-cluster.c qcow2: Silence clang -m32 compiler warning 2021-10-15 15:39:38 -05:00
qcow2-refcount.c qcow2-refcount: check_refblocks(): add separate message for reserved 2021-09-15 18:42:38 +02:00
qcow2-snapshot.c block: consistently use bdrv_is_read_only() 2021-06-02 14:23:20 +02:00
qcow2-threads.c qcow2: add zstd cluster compression 2020-05-13 14:20:31 +02:00
qcow2.c qcow2: simple case support for downgrading of qcow2 images with zstd 2022-02-01 10:51:39 +01:00
qcow2.h qcow2-refcount: check_refblocks(): add separate message for reserved 2021-09-15 18:42:38 +02:00
qcow.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
qed-check.c
qed-cluster.c
qed-l2-cache.c
qed-table.c
qed.c block: use int64_t instead of int in driver write_zeroes handlers 2021-09-29 13:46:32 -05:00
qed.h qed: Simplify backing reads 2020-07-06 10:34:14 +02:00
quorum.c block: use int64_t instead of int in driver write_zeroes handlers 2021-09-29 13:46:32 -05:00
raw-format.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
rbd.c block/rbd: workaround for ceph issue #53784 2022-02-01 15:16:32 +01:00
replication.c job: @force parameter for job_cancel_sync() 2021-10-07 10:42:09 +02:00
reqlist.c block/reqlist: add reqlist_wait_all() 2022-03-07 09:33:30 +01:00
snapshot-access.c block: introduce snapshot-access block driver 2022-03-07 09:33:31 +01:00
snapshot.c include/block/snapshot: global state API + assertions 2022-03-04 18:18:25 +01:00
ssh.c block: print the server key type and fingerprint on failure 2022-02-16 14:34:16 +00:00
stream.c assertions for block_int global state API 2022-03-04 18:18:25 +01:00
throttle-groups.c block/throttle-groups: throttle_group_co_io_limits_intercept(): 64bit bytes 2021-02-03 08:14:00 -06:00
throttle.c block: use int64_t instead of int in driver discard handlers 2021-09-29 13:46:32 -05:00
trace-events block/nvme: Display CQ/SQ pointer in nvme_free_queue_pair() 2021-11-02 15:49:12 +01:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
vdi.c block: use int64_t instead of uint64_t in driver write handlers 2021-09-29 13:46:31 -05:00
vhdx-endian.c
vhdx-log.c block: consistently use bdrv_is_read_only() 2021-06-02 14:23:20 +02:00
vhdx.c block/vhdx: Support vhdx image only with 512 bytes logical sector size 2020-09-15 11:05:13 +02:00
vhdx.h
vmdk.c vmdk: allow specification of tools version 2021-11-02 12:47:51 +01:00
vpc.c block/vpc: Add a sanity check that fixed-size images have the right type 2021-11-02 12:47:51 +01:00
vvfat.c vvfat: Fix vvfat_write() for writes before the root directory 2022-01-14 12:03:16 +01:00
win32-aio.c aio-posix: split poll check from ready handler 2022-01-12 17:09:39 +00:00
write-threshold.c write-threshold: deal with includes 2021-05-14 16:14:10 +02:00