Hi folks,
The STARTTLS implementation in nbd-server is almost ready. Still TODO:
- Interoperability testing against qemu (yes, yes, I said I'd do that
earlier, but hey)
- Client certificate validation
- Enforcing TLS1.2 by default
- Allowing versions of GnuTLS older than 3.3
Other than that, I think we're good.
Alex: I pulled the nbd-client and nbd-tester-client implementation from
your 'add-tls-support' branch, and it seems to work well; at the very
least, the current implementation passes the test suite. Man page
updates have been written too. I've had to make a few small changes to
make it work on current git HEAD, but most of it is pretty much
unchanged from your code.
In total, there's 80 commits since 3.14 up to current master, a number
of new features (multiple connections, STARTTLS, splice), and a few bug
fixes.
I think it's time to release.
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Attachment:
signature.asc
Description: PGP signature