block/nbd: don't restrict TLS usage to IP sockets

The TLS usage for NBD was restricted to IP sockets because validating x509 certificates requires knowledge of the hostname that the client is connecting to. TLS does not have to use x509 certificates though, as PSK (pre-shared keys) provide an alternative credential option. These have no requirement for a hostname and can thus be trivially used for UNIX sockets. Furthermore, with the ability to overide the default hostname for TLS validation in the previous patch, it is now also valid to want to use x509 certificates with FD passing and UNIX sockets. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-6-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
2025-08-04 00:03:54 -06:00 · 2022-03-04 19:36:03 +00:00 · 2022-03-04 19:36:03 +00:00 · e8ae8b1a75
commit e8ae8b1a75
parent 003b2b2521
3 changed files with 5 additions and 17 deletions
--- a/blockdev-nbd.c
+++ b/blockdev-nbd.c
@ -148,12 +148,6 @@ void nbd_server_start(SocketAddress *addr, const char *tls_creds,
        if (!nbd_server->tlscreds) {
            goto error;
        }
-
-        /* TODO SOCKET_ADDRESS_TYPE_FD where fd has AF_INET or AF_INET6 */
-        if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
-            error_setg(errp, "TLS is only supported with IPv4/IPv6");
-            goto error;
-        }
    }

    nbd_server->tlsauthz = g_strdup(tls_authz);