Git Repo - qemu.git/commit

author	Daniel P. Berrange <[email protected]>
	Wed, 10 Feb 2016 18:41:13 +0000 (18:41 +0000)
committer	Paolo Bonzini <[email protected]>
	Tue, 16 Feb 2016 16:17:42 +0000 (17:17 +0100)
commit	145614a112a8e67d6c84b26faaf2b2002e17d9be
tree	fa7204b2f7957acfe349a3bb3345fc7ddb38ae2b	tree \| snapshot
parent	75822a12c046646684bc8cad6296842b60e7b6bb	commit \| diff

nbd: enable use of TLS with qemu-nbd server

This modifies the qemu-nbd program so that it is possible to
request the use of TLS with the server. It simply adds a new
command line option --tls-creds which is used to provide the
ID of a QCryptoTLSCreds object previously created via the
--object command line option.

For example

  qemu-nbd --object tls-creds-x509,id=tls0,endpoint=server,\
                    dir=/home/berrange/security/qemutls \
           --tls-creds tls0 \
           --exportname default

TLS requires the new style NBD protocol, so if no export name
is set (via --export-name), then we use the default NBD protocol
export name ""

TLS is only supported when using an IPv4/IPv6 socket listener.
It is not possible to use with UNIX sockets, which includes
when connecting the NBD server to a host device.

Signed-off-by: Daniel P. Berrange <[email protected]>
Message-Id: <1455129674 [email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>

qemu-nbd.c		diff \| blob \| blame \| history
qemu-nbd.texi		diff \| blob \| blame \| history