From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Laurent Vivier" <lvivier@redhat.com>,
"Thomas Huth" <thuth@redhat.com>,
"Daniel P. Berrangé" <berrange@redhat.com>,
"Juan Quintela" <quintela@redhat.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
"Peter Xu" <peterx@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: [PATCH 07/18] migration: fix use of TLS PSK credentials with a UNIX socket
Date: Wed, 2 Mar 2022 17:49:21 +0000 [thread overview]
Message-ID: <20220302174932.2692378-8-berrange@redhat.com> (raw)
In-Reply-To: <20220302174932.2692378-1-berrange@redhat.com>
The migration TLS code has a check mandating that a hostname be
available when starting a TLS session. This is expected when using
x509 credentials, but is bogus for PSK and anonymous credentials
as neither involve hostname validation.
The TLS crdentials object gained suitable error reporting in the
case of TLS with x509 credentials, so there is no longer any need
for the migration code to do its own (incorrect) validation.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
migration/tls.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/migration/tls.c b/migration/tls.c
index ca1ea3bbdd..32c384a8b6 100644
--- a/migration/tls.c
+++ b/migration/tls.c
@@ -137,10 +137,6 @@ QIOChannelTLS *migration_tls_client_create(MigrationState *s,
if (s->parameters.tls_hostname && *s->parameters.tls_hostname) {
hostname = s->parameters.tls_hostname;
}
- if (!hostname) {
- error_setg(errp, "No hostname available for TLS");
- return NULL;
- }
tioc = qio_channel_tls_new_client(
ioc, creds, hostname, errp);
--
2.34.1
next prev parent reply other threads:[~2022-03-02 17:52 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-03-02 17:49 [PATCH 00/18] tests: introduce testing coverage for TLS with migration Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 01/18] tests: fix encoding of IP addresses in x509 certs Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 02/18] tests: improve error message when saving TLS PSK file fails Daniel P. Berrangé
2022-03-07 6:52 ` Peter Xu
2022-03-02 17:49 ` [PATCH 03/18] tests: support QTEST_TRACE env variable Daniel P. Berrangé
2022-03-07 6:53 ` Peter Xu
2022-03-07 10:06 ` Thomas Huth
2022-03-02 17:49 ` [PATCH 04/18] tests: print newline after QMP response in qtest logs Daniel P. Berrangé
2022-03-07 6:51 ` Peter Xu
2022-03-07 10:06 ` Daniel P. Berrangé
2022-03-07 10:09 ` Thomas Huth
2022-03-07 10:20 ` Peter Xu
2022-03-10 10:55 ` Daniel P. Berrangé
2022-03-10 11:11 ` Marc-André Lureau
2022-03-10 11:35 ` Daniel P. Berrangé
2022-03-10 11:50 ` Marc-André Lureau
2022-03-10 12:02 ` Daniel P. Berrangé
2022-03-10 11:53 ` Marc-André Lureau
2022-03-10 12:08 ` Thomas Huth
2022-03-10 13:35 ` Dr. David Alan Gilbert
2022-03-02 17:49 ` [PATCH 05/18] tests: add more helper macros for creating TLS x509 certs Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 06/18] crypto: mandate a hostname when checking x509 creds on a client Daniel P. Berrangé
2022-03-02 17:49 ` Daniel P. Berrangé [this message]
2022-03-07 7:08 ` [PATCH 07/18] migration: fix use of TLS PSK credentials with a UNIX socket Peter Xu
2022-03-07 10:08 ` Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 08/18] tests: merge code for UNIX and TCP migration pre-copy tests Daniel P. Berrangé
2022-03-07 7:16 ` Peter Xu
2022-03-07 10:11 ` Thomas Huth
2022-03-10 11:00 ` Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 09/18] tests: introduce ability to provide hooks for migration precopy test Daniel P. Berrangé
2022-03-07 7:19 ` Peter Xu
2022-03-02 17:49 ` [PATCH 10/18] tests: switch migration FD passing test to use common precopy helper Daniel P. Berrangé
2022-03-07 7:22 ` Peter Xu
2022-03-02 17:49 ` [PATCH 11/18] tests: expand the migration precopy helper to support failures Daniel P. Berrangé
2022-03-07 7:39 ` Peter Xu
2022-03-07 10:10 ` Daniel P. Berrangé
2022-03-07 7:57 ` Peter Xu
2022-03-10 16:18 ` Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 12/18] tests: add migration tests of TLS with PSK credentials Daniel P. Berrangé
2022-03-07 10:12 ` Thomas Huth
2022-03-02 17:49 ` [PATCH 13/18] tests: add migration tests of TLS with x509 credentials Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 14/18] tests: convert XBZRLE migration test to use common helper Daniel P. Berrangé
2022-03-07 8:01 ` Peter Xu
2022-03-02 17:49 ` [PATCH 15/18] tests: convert multifd migration tests " Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 16/18] tests: add multifd migration tests of TLS with PSK credentials Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 17/18] tests: add multifd migration tests of TLS with x509 credentials Daniel P. Berrangé
2022-03-02 17:49 ` [PATCH 18/18] tests: ensure migration status isn't reported as failed Daniel P. Berrangé
2022-03-07 8:09 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220302174932.2692378-8-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=dgilbert@redhat.com \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=quintela@redhat.com \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).