[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[Nbd] TLS implementation in reference nbd-server



Hi,

While stuck in an airport on a 9-hour layover two days ago, I (finally)
spent some time working on a STARTTLS implementation for the reference
nbd-server implementation. Configuration is fairly basic; just add a
"tlsdir = " configuration item to the nbd-server config file, create a
ca.pem, priv.pem, and cert.pem file in that location, and you're good.
The current implementation doesn't allow for authenticating clients
through certificates or other means; I will probably want to add that at
some point in the future, but not just yet.

It's not been tested yet, however, because the client side hasn't been
done yet. I will do that before I release this (probably by adding Alex'
implementation from a few months back). Also, I think I should test
against current implementations of the NBD STARTTLS option (e.g., qemu),
and see if things interoperate with that too, before going further.
Hasn't been done yet (mostly because the documentation on how to do
starttls in qemu nbd seems incomplete, at best; a pointer to an example
or some such would be welcome), but expect this in the next few weeks or
so.

If you want to check it out, just run nbd-server from git master.
Feedback (and/or review) welcome :-)

-- 
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
       people in the world who think they really understand all of its rules,
       and pretty much all of them are just lying to themselves too.
 -- #debian-devel, OFTC, 2016-02-12



Reply to: