* [PATCH 0/4] TLS fixes for 6.18
@ 2025-10-19 0:10 Trond Myklebust
2025-10-19 0:10 ` [PATCH 1/4] pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect() Trond Myklebust
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Trond Myklebust @ 2025-10-19 0:10 UTC (permalink / raw)
To: linux-nfs; +Cc: Mike Snitzer, Olga Kornievskaia, Christoph Hellwig
From: Trond Myklebust <trond.myklebust@hammerspace.com>
The following patches fix a couple of logic errors in the pNFS files and
flexfiles drivers' use of TLS. The first two fix logic errors which can
cause TLS-incapable protocols such as RDMA to be added to existing
TLS/TCP NFS clients.
The second patch adds fixes to ensure that the DS client TLS policy
settings match the requested transport type.
Finally, there is a fix to ensure that if the mount syscall parameters
include the "cert_serial" and "privkey_serial" options, then
nfs_match_client() will check those parameters against existing
nfs_client instances.
Trond Myklebust (4):
pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect()
pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using
TLS
NFS: Check the TLS certificate fields in nfs_match_client()
fs/nfs/client.c | 8 ++++++
fs/nfs/nfs3client.c | 14 ++++++++--
fs/nfs/nfs4client.c | 14 ++++++++--
fs/nfs/pnfs_nfs.c | 66 ++++++++++++++++++++++++---------------------
4 files changed, 67 insertions(+), 35 deletions(-)
--
2.51.0
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/4] pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect()
2025-10-19 0:10 [PATCH 0/4] TLS fixes for 6.18 Trond Myklebust
@ 2025-10-19 0:10 ` Trond Myklebust
2025-10-19 0:10 ` [PATCH 2/4] pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() Trond Myklebust
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Trond Myklebust @ 2025-10-19 0:10 UTC (permalink / raw)
To: linux-nfs; +Cc: Mike Snitzer, Olga Kornievskaia, Christoph Hellwig
From: Trond Myklebust <trond.myklebust@hammerspace.com>
Don't try to add an RDMA transport to a client that is already marked as
being a TCP/TLS transport.
Fixes: 04a15263662a ("pnfs/flexfiles: connect to NFSv3 DS using TLS if MDS connection uses TLS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/pnfs_nfs.c | 32 ++++++++++++++++++--------------
1 file changed, 18 insertions(+), 14 deletions(-)
diff --git a/fs/nfs/pnfs_nfs.c b/fs/nfs/pnfs_nfs.c
index 7b32afb29782..ff48056bf750 100644
--- a/fs/nfs/pnfs_nfs.c
+++ b/fs/nfs/pnfs_nfs.c
@@ -809,8 +809,11 @@ static int _nfs4_pnfs_v3_ds_connect(struct nfs_server *mds_srv,
unsigned int retrans)
{
struct nfs_client *clp = ERR_PTR(-EIO);
+ struct nfs_client *mds_clp = mds_srv->nfs_client;
+ enum xprtsec_policies xprtsec_policy = mds_clp->cl_xprtsec.policy;
struct nfs4_pnfs_ds_addr *da;
unsigned long connect_timeout = timeo * (retrans + 1) * HZ / 10;
+ int ds_proto;
int status = 0;
dprintk("--> %s DS %s\n", __func__, ds->ds_remotestr);
@@ -834,27 +837,28 @@ static int _nfs4_pnfs_v3_ds_connect(struct nfs_server *mds_srv,
.xprtsec = clp->cl_xprtsec,
};
- if (da->da_transport != clp->cl_proto &&
- clp->cl_proto != XPRT_TRANSPORT_TCP_TLS)
- continue;
- if (da->da_transport == XPRT_TRANSPORT_TCP &&
- mds_srv->nfs_client->cl_proto == XPRT_TRANSPORT_TCP_TLS)
+ if (xprt_args.ident == XPRT_TRANSPORT_TCP &&
+ clp->cl_proto == XPRT_TRANSPORT_TCP_TLS)
xprt_args.ident = XPRT_TRANSPORT_TCP_TLS;
- if (da->da_addr.ss_family != clp->cl_addr.ss_family)
+ if (xprt_args.ident != clp->cl_proto)
+ continue;
+ if (xprt_args.dstaddr->sa_family !=
+ clp->cl_addr.ss_family)
continue;
/* Add this address as an alias */
rpc_clnt_add_xprt(clp->cl_rpcclient, &xprt_args,
- rpc_clnt_test_and_add_xprt, NULL);
+ rpc_clnt_test_and_add_xprt, NULL);
continue;
}
- if (da->da_transport == XPRT_TRANSPORT_TCP &&
- mds_srv->nfs_client->cl_proto == XPRT_TRANSPORT_TCP_TLS)
- da->da_transport = XPRT_TRANSPORT_TCP_TLS;
- clp = get_v3_ds_connect(mds_srv,
- &da->da_addr,
- da->da_addrlen, da->da_transport,
- timeo, retrans);
+
+ ds_proto = da->da_transport;
+ if (ds_proto == XPRT_TRANSPORT_TCP &&
+ xprtsec_policy != RPC_XPRTSEC_NONE)
+ ds_proto = XPRT_TRANSPORT_TCP_TLS;
+
+ clp = get_v3_ds_connect(mds_srv, &da->da_addr, da->da_addrlen,
+ ds_proto, timeo, retrans);
if (IS_ERR(clp))
continue;
clp->cl_rpcclient->cl_softerr = 0;
--
2.51.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/4] pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect()
2025-10-19 0:10 [PATCH 0/4] TLS fixes for 6.18 Trond Myklebust
2025-10-19 0:10 ` [PATCH 1/4] pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect() Trond Myklebust
@ 2025-10-19 0:10 ` Trond Myklebust
2025-10-19 0:10 ` [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS Trond Myklebust
2025-10-19 0:10 ` [PATCH 4/4] NFS: Check the TLS certificate fields in nfs_match_client() Trond Myklebust
3 siblings, 0 replies; 6+ messages in thread
From: Trond Myklebust @ 2025-10-19 0:10 UTC (permalink / raw)
To: linux-nfs; +Cc: Mike Snitzer, Olga Kornievskaia, Christoph Hellwig
From: Trond Myklebust <trond.myklebust@hammerspace.com>
Don't try to add an RDMA transport to a client that is already marked as
being a TCP/TLS transport.
Fixes: a35518cae4b3 ("NFSv4.1/pnfs: fix NFS with TLS in pnfs")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/pnfs_nfs.c | 34 +++++++++++++++++-----------------
1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/fs/nfs/pnfs_nfs.c b/fs/nfs/pnfs_nfs.c
index ff48056bf750..9976cc16b689 100644
--- a/fs/nfs/pnfs_nfs.c
+++ b/fs/nfs/pnfs_nfs.c
@@ -884,7 +884,10 @@ static int _nfs4_pnfs_v4_ds_connect(struct nfs_server *mds_srv,
u32 minor_version)
{
struct nfs_client *clp = ERR_PTR(-EIO);
+ struct nfs_client *mds_clp = mds_srv->nfs_client;
+ enum xprtsec_policies xprtsec_policy = mds_clp->cl_xprtsec.policy;
struct nfs4_pnfs_ds_addr *da;
+ int ds_proto;
int status = 0;
dprintk("--> %s DS %s\n", __func__, ds->ds_remotestr);
@@ -912,12 +915,8 @@ static int _nfs4_pnfs_v4_ds_connect(struct nfs_server *mds_srv,
.data = &xprtdata,
};
- if (da->da_transport != clp->cl_proto &&
- clp->cl_proto != XPRT_TRANSPORT_TCP_TLS)
- continue;
- if (da->da_transport == XPRT_TRANSPORT_TCP &&
- mds_srv->nfs_client->cl_proto ==
- XPRT_TRANSPORT_TCP_TLS) {
+ if (xprt_args.ident == XPRT_TRANSPORT_TCP &&
+ clp->cl_proto == XPRT_TRANSPORT_TCP_TLS) {
struct sockaddr *addr =
(struct sockaddr *)&da->da_addr;
struct sockaddr_in *sin =
@@ -948,7 +947,10 @@ static int _nfs4_pnfs_v4_ds_connect(struct nfs_server *mds_srv,
xprt_args.ident = XPRT_TRANSPORT_TCP_TLS;
xprt_args.servername = servername;
}
- if (da->da_addr.ss_family != clp->cl_addr.ss_family)
+ if (xprt_args.ident != clp->cl_proto)
+ continue;
+ if (xprt_args.dstaddr->sa_family !=
+ clp->cl_addr.ss_family)
continue;
/**
@@ -962,15 +964,14 @@ static int _nfs4_pnfs_v4_ds_connect(struct nfs_server *mds_srv,
if (xprtdata.cred)
put_cred(xprtdata.cred);
} else {
- if (da->da_transport == XPRT_TRANSPORT_TCP &&
- mds_srv->nfs_client->cl_proto ==
- XPRT_TRANSPORT_TCP_TLS)
- da->da_transport = XPRT_TRANSPORT_TCP_TLS;
- clp = nfs4_set_ds_client(mds_srv,
- &da->da_addr,
- da->da_addrlen,
- da->da_transport, timeo,
- retrans, minor_version);
+ ds_proto = da->da_transport;
+ if (ds_proto == XPRT_TRANSPORT_TCP &&
+ xprtsec_policy != RPC_XPRTSEC_NONE)
+ ds_proto = XPRT_TRANSPORT_TCP_TLS;
+
+ clp = nfs4_set_ds_client(mds_srv, &da->da_addr,
+ da->da_addrlen, ds_proto,
+ timeo, retrans, minor_version);
if (IS_ERR(clp))
continue;
@@ -981,7 +982,6 @@ static int _nfs4_pnfs_v4_ds_connect(struct nfs_server *mds_srv,
clp = ERR_PTR(-EIO);
continue;
}
-
}
}
--
2.51.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
2025-10-19 0:10 [PATCH 0/4] TLS fixes for 6.18 Trond Myklebust
2025-10-19 0:10 ` [PATCH 1/4] pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect() Trond Myklebust
2025-10-19 0:10 ` [PATCH 2/4] pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() Trond Myklebust
@ 2025-10-19 0:10 ` Trond Myklebust
2025-10-19 17:11 ` Chuck Lever
2025-10-19 0:10 ` [PATCH 4/4] NFS: Check the TLS certificate fields in nfs_match_client() Trond Myklebust
3 siblings, 1 reply; 6+ messages in thread
From: Trond Myklebust @ 2025-10-19 0:10 UTC (permalink / raw)
To: linux-nfs; +Cc: Mike Snitzer, Olga Kornievskaia, Christoph Hellwig
From: Trond Myklebust <trond.myklebust@hammerspace.com>
The default setting for the transport security policy must be
RPC_XPRTSEC_NONE, when using a TCP or RDMA connection without TLS.
Conversely, when using TLS, the security policy needs to be set.
Fixes: 6c0a8c5fcf71 ("NFS: Have struct nfs_client carry a TLS policy field")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/nfs3client.c | 14 ++++++++++++--
fs/nfs/nfs4client.c | 14 ++++++++++++--
2 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/fs/nfs/nfs3client.c b/fs/nfs/nfs3client.c
index 0d7310c1ee0c..5d97c1d38bb6 100644
--- a/fs/nfs/nfs3client.c
+++ b/fs/nfs/nfs3client.c
@@ -2,6 +2,7 @@
#include <linux/nfs_fs.h>
#include <linux/nfs_mount.h>
#include <linux/sunrpc/addr.h>
+#include <net/handshake.h>
#include "internal.h"
#include "nfs3_fs.h"
#include "netns.h"
@@ -98,7 +99,11 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv,
.net = mds_clp->cl_net,
.timeparms = &ds_timeout,
.cred = mds_srv->cred,
- .xprtsec = mds_clp->cl_xprtsec,
+ .xprtsec = {
+ .policy = RPC_XPRTSEC_NONE,
+ .cert_serial = TLS_NO_CERT,
+ .privkey_serial = TLS_NO_PRIVKEY,
+ },
.connect_timeout = connect_timeout,
.reconnect_timeout = connect_timeout,
};
@@ -111,9 +116,14 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv,
cl_init.hostname = buf;
switch (ds_proto) {
+ case XPRT_TRANSPORT_TCP_TLS:
+ if (mds_clp->cl_xprtsec.policy != RPC_XPRTSEC_NONE)
+ cl_init.xprtsec = mds_clp->cl_xprtsec;
+ else
+ ds_proto = XPRT_TRANSPORT_TCP;
+ fallthrough;
case XPRT_TRANSPORT_RDMA:
case XPRT_TRANSPORT_TCP:
- case XPRT_TRANSPORT_TCP_TLS:
if (mds_clp->cl_nconnect > 1)
cl_init.nconnect = mds_clp->cl_nconnect;
}
diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
index 6fddf43d729c..bb4c41ad7134 100644
--- a/fs/nfs/nfs4client.c
+++ b/fs/nfs/nfs4client.c
@@ -11,6 +11,7 @@
#include <linux/sunrpc/xprt.h>
#include <linux/sunrpc/bc_xprt.h>
#include <linux/sunrpc/rpc_pipe_fs.h>
+#include <net/handshake.h>
#include "internal.h"
#include "callback.h"
#include "delegation.h"
@@ -982,7 +983,11 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv,
.net = mds_clp->cl_net,
.timeparms = &ds_timeout,
.cred = mds_srv->cred,
- .xprtsec = mds_srv->nfs_client->cl_xprtsec,
+ .xprtsec = {
+ .policy = RPC_XPRTSEC_NONE,
+ .cert_serial = TLS_NO_CERT,
+ .privkey_serial = TLS_NO_PRIVKEY,
+ },
};
char buf[INET6_ADDRSTRLEN + 1];
@@ -991,9 +996,14 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv,
cl_init.hostname = buf;
switch (ds_proto) {
+ case XPRT_TRANSPORT_TCP_TLS:
+ if (mds_srv->nfs_client->cl_xprtsec.policy != RPC_XPRTSEC_NONE)
+ cl_init.xprtsec = mds_srv->nfs_client->cl_xprtsec;
+ else
+ ds_proto = XPRT_TRANSPORT_TCP;
+ fallthrough;
case XPRT_TRANSPORT_RDMA:
case XPRT_TRANSPORT_TCP:
- case XPRT_TRANSPORT_TCP_TLS:
if (mds_clp->cl_nconnect > 1) {
cl_init.nconnect = mds_clp->cl_nconnect;
cl_init.max_connect = NFS_MAX_TRANSPORTS;
--
2.51.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/4] NFS: Check the TLS certificate fields in nfs_match_client()
2025-10-19 0:10 [PATCH 0/4] TLS fixes for 6.18 Trond Myklebust
` (2 preceding siblings ...)
2025-10-19 0:10 ` [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS Trond Myklebust
@ 2025-10-19 0:10 ` Trond Myklebust
3 siblings, 0 replies; 6+ messages in thread
From: Trond Myklebust @ 2025-10-19 0:10 UTC (permalink / raw)
To: linux-nfs; +Cc: Mike Snitzer, Olga Kornievskaia, Christoph Hellwig
From: Trond Myklebust <trond.myklebust@hammerspace.com>
If the TLS security policy is of type RPC_XPRTSEC_TLS_X509, then the
cert_serial and privkey_serial fields need to match as well since they
define the client's identity, as presented to the server.
Fixes: 90c9550a8d65 ("NFS: support the kernel keyring for TLS")
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
---
fs/nfs/client.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/fs/nfs/client.c b/fs/nfs/client.c
index 4e3dcc157a83..54699299d5b1 100644
--- a/fs/nfs/client.c
+++ b/fs/nfs/client.c
@@ -338,6 +338,14 @@ static struct nfs_client *nfs_match_client(const struct nfs_client_initdata *dat
/* Match the xprt security policy */
if (clp->cl_xprtsec.policy != data->xprtsec.policy)
continue;
+ if (clp->cl_xprtsec.policy == RPC_XPRTSEC_TLS_X509) {
+ if (clp->cl_xprtsec.cert_serial !=
+ data->xprtsec.cert_serial)
+ continue;
+ if (clp->cl_xprtsec.privkey_serial !=
+ data->xprtsec.privkey_serial)
+ continue;
+ }
refcount_inc(&clp->cl_count);
return clp;
--
2.51.0
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS
2025-10-19 0:10 ` [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS Trond Myklebust
@ 2025-10-19 17:11 ` Chuck Lever
0 siblings, 0 replies; 6+ messages in thread
From: Chuck Lever @ 2025-10-19 17:11 UTC (permalink / raw)
To: Trond Myklebust, linux-nfs
Cc: Mike Snitzer, Olga Kornievskaia, Christoph Hellwig
On 10/18/25 8:10 PM, Trond Myklebust wrote:
> From: Trond Myklebust <trond.myklebust@hammerspace.com>
>
> The default setting for the transport security policy must be
> RPC_XPRTSEC_NONE, when using a TCP or RDMA connection without TLS.
> Conversely, when using TLS, the security policy needs to be set.
That matches my understanding.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
>
> Fixes: 6c0a8c5fcf71 ("NFS: Have struct nfs_client carry a TLS policy field")
> Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>
> ---
> fs/nfs/nfs3client.c | 14 ++++++++++++--
> fs/nfs/nfs4client.c | 14 ++++++++++++--
> 2 files changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/fs/nfs/nfs3client.c b/fs/nfs/nfs3client.c
> index 0d7310c1ee0c..5d97c1d38bb6 100644
> --- a/fs/nfs/nfs3client.c
> +++ b/fs/nfs/nfs3client.c
> @@ -2,6 +2,7 @@
> #include <linux/nfs_fs.h>
> #include <linux/nfs_mount.h>
> #include <linux/sunrpc/addr.h>
> +#include <net/handshake.h>
> #include "internal.h"
> #include "nfs3_fs.h"
> #include "netns.h"
> @@ -98,7 +99,11 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv,
> .net = mds_clp->cl_net,
> .timeparms = &ds_timeout,
> .cred = mds_srv->cred,
> - .xprtsec = mds_clp->cl_xprtsec,
> + .xprtsec = {
> + .policy = RPC_XPRTSEC_NONE,
> + .cert_serial = TLS_NO_CERT,
> + .privkey_serial = TLS_NO_PRIVKEY,
> + },
> .connect_timeout = connect_timeout,
> .reconnect_timeout = connect_timeout,
> };
> @@ -111,9 +116,14 @@ struct nfs_client *nfs3_set_ds_client(struct nfs_server *mds_srv,
> cl_init.hostname = buf;
>
> switch (ds_proto) {
> + case XPRT_TRANSPORT_TCP_TLS:
> + if (mds_clp->cl_xprtsec.policy != RPC_XPRTSEC_NONE)
> + cl_init.xprtsec = mds_clp->cl_xprtsec;
> + else
> + ds_proto = XPRT_TRANSPORT_TCP;
> + fallthrough;
> case XPRT_TRANSPORT_RDMA:
> case XPRT_TRANSPORT_TCP:
> - case XPRT_TRANSPORT_TCP_TLS:
> if (mds_clp->cl_nconnect > 1)
> cl_init.nconnect = mds_clp->cl_nconnect;
> }
> diff --git a/fs/nfs/nfs4client.c b/fs/nfs/nfs4client.c
> index 6fddf43d729c..bb4c41ad7134 100644
> --- a/fs/nfs/nfs4client.c
> +++ b/fs/nfs/nfs4client.c
> @@ -11,6 +11,7 @@
> #include <linux/sunrpc/xprt.h>
> #include <linux/sunrpc/bc_xprt.h>
> #include <linux/sunrpc/rpc_pipe_fs.h>
> +#include <net/handshake.h>
> #include "internal.h"
> #include "callback.h"
> #include "delegation.h"
> @@ -982,7 +983,11 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv,
> .net = mds_clp->cl_net,
> .timeparms = &ds_timeout,
> .cred = mds_srv->cred,
> - .xprtsec = mds_srv->nfs_client->cl_xprtsec,
> + .xprtsec = {
> + .policy = RPC_XPRTSEC_NONE,
> + .cert_serial = TLS_NO_CERT,
> + .privkey_serial = TLS_NO_PRIVKEY,
> + },
> };
> char buf[INET6_ADDRSTRLEN + 1];
>
> @@ -991,9 +996,14 @@ struct nfs_client *nfs4_set_ds_client(struct nfs_server *mds_srv,
> cl_init.hostname = buf;
>
> switch (ds_proto) {
> + case XPRT_TRANSPORT_TCP_TLS:
> + if (mds_srv->nfs_client->cl_xprtsec.policy != RPC_XPRTSEC_NONE)
> + cl_init.xprtsec = mds_srv->nfs_client->cl_xprtsec;
> + else
> + ds_proto = XPRT_TRANSPORT_TCP;
> + fallthrough;
> case XPRT_TRANSPORT_RDMA:
> case XPRT_TRANSPORT_TCP:
> - case XPRT_TRANSPORT_TCP_TLS:
> if (mds_clp->cl_nconnect > 1) {
> cl_init.nconnect = mds_clp->cl_nconnect;
> cl_init.max_connect = NFS_MAX_TRANSPORTS;
--
Chuck Lever
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2025-10-19 17:12 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-19 0:10 [PATCH 0/4] TLS fixes for 6.18 Trond Myklebust
2025-10-19 0:10 ` [PATCH 1/4] pnfs: Fix TLS logic in _nfs4_pnfs_v3_ds_connect() Trond Myklebust
2025-10-19 0:10 ` [PATCH 2/4] pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() Trond Myklebust
2025-10-19 0:10 ` [PATCH 3/4] pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS Trond Myklebust
2025-10-19 17:11 ` Chuck Lever
2025-10-19 0:10 ` [PATCH 4/4] NFS: Check the TLS certificate fields in nfs_match_client() Trond Myklebust
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).