From: Eric Blake
Message-ID: <56B37B66.6010101@redhat.com>
Date: Thu, 4 Feb 2016 09:25:10 -0700
In-Reply-To: <1454593822-7321-17-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v5 16/16] nbd: enable use of TLS with nbd-server-start command
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Kevin Wolf, Paolo Bonzini, Max Reitz

On 02/04/2016 06:50 AM, Daniel P. Berrange wrote:
> This modifies the nbd-server-start QMP command so that it
> is possible to request use of TLS. This is done by adding
> a new optional parameter "tls-creds" which provides the ID
> of a previously created QCryptoTLSCreds object instance.
>
> TLS is only supported when using an IPv4/IPv6 socket listener.
>
> Signed-off-by: Daniel P. Berrange
> ---

> +static QCryptoTLSCreds *nbd_get_tls_creds(const char *id, Error **errp= ) > +{ > + Object *obj; > + QCryptoTLSCreds *creds; > + > + obj =3D object_resolve_path_component( > + object_get_objects_root(), id); > + if (!obj) { > + error_setg(errp, "No TLS credentials with id '%s'", > + id); > + return NULL; > + } > + creds =3D (QCryptoTLSCreds *) > + object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS);

Do we really need the C cast alongside an object_dynamic_cast()?

> +++ b/qapi/block.json 
> @@ -146,13 +146,15 @@ > # QEMU instance could refer to them as "nbd:HOST:PORT:exportname=3DNAM= E". > # > # @addr: Address on which to listen. > +# @tls-creds: (optional) ID of the TLS credentials object. Since 2.6

Worth a comment that it only works with IPv4/6?

-- 
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
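
Review bot: in nbd_get_tls_creds(), the result of object_dynamic_cast(obj, TYPE_QCRYPTO_TLS_CREDS) needs a NULL check before creds is used or returned. The id comes from the QMP caller and can resolve to an object that exists but is not a TLS credentials object, in which case the cast yields NULL. The quoted lines stop at the cast, so please confirm the rest of the function handles that case the same way as the !obj branch: an error_setg(errp, ...) that names the id, followed by return NULL.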
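
Review bot: the new @tls-creds line in qapi/block.json does not say what happens when the parameter is combined with a listener that is not IPv4/IPv6, nor what leaving it out means. The commit message limits TLS to IPv4/IPv6 socket listeners, so the doc comment should carry that restriction and state that tls-creds with any other @addr type is rejected with an error rather than the server starting without TLS; if the code does not reject that combination, it is worth fixing in this patch. It would also help to say explicitly that omitting tls-creds means the server does not use TLS.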