From: Daniel P. Berrangé
To: qemu-devel@nongnu.org
Cc: Laurent Vivier, Thomas Huth, Daniel P. Berrangé, Juan Quintela, "Dr. David Alan Gilbert", Peter Xu, Paolo Bonzini
Subject: [PATCH v2 06/18 for-7.0] migration: fix use of TLS PSK credentials with a UNIX socket
Date: Thu, 10 Mar 2022 17:18:09 +0000
Message-Id: <20220310171821.3724080-7-berrange@redhat.com>
In-Reply-To: <20220310171821.3724080-1-berrange@redhat.com>
References: <20220310171821.3724080-1-berrange@redhat.com>

The migration TLS code has a check mandating that a hostname be available when starting a TLS session. This is expected when using x509 credentials, but is bogus for PSK and anonymous credentials as neither involve hostname validation.

The TLS credentials object gained suitable error reporting in the case of TLS with x509 credentials, so there is no longer any need for the migration code to do its own (incorrect) validation.

Signed-off-by: Daniel P. Berrangé Reviewed-by: Juan Quintela --- migration/tls.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/migration/tls.c b/migration/tls.c index ca1ea3bbdd..32c384a8b6 100644 --- a/migration/tls.c +++ b/migration/tls.c @@ -137,10 +137,6 @@ QIOChannelTLS *migration_tls_client_create(MigrationState *s, if (s->parameters.tls_hostname && *s->parameters.tls_hostname) { hostname = s->parameters.tls_hostname; } - if (!hostname) { - error_setg(errp, "No hostname available for TLS"); - return NULL; - } tioc = qio_channel_tls_new_client( ioc, creds, hostname, errp);
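
Review bot: With the `if (!hostname)` guard removed from migration_tls_client_create(), `hostname` can now reach `qio_channel_tls_new_client(ioc, creds, hostname, errp)` as NULL, and nothing in this hunk documents that this is intentional. For x509 credentials the refusal to start a session without a hostname now rests entirely on the error reporting in the TLS credentials code that the commit message refers to, which is not visible here. Please add a short comment above the call stating that a NULL hostname is valid for PSK and anonymous credentials and that the x509 case is rejected further down, so a later refactor of that code does not silently turn a missing hostname into skipped peer validation. If the series does not already include one, a test that runs an x509 migration over a UNIX socket with no tls-hostname set and expects failure would pin that behaviour down.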