qemu/crypto
Daniel P. Berrangé d41997e465 crypto: mandate a hostname when checking x509 creds on a client
Currently the TLS session object assumes that the caller will always
provide a hostname when using x509 creds on a client endpoint. This
relies on the caller to detect and report an error if the user has
configured QEMU with x509 credentials on a UNIX socket. The migration
code has such a check, but it is too broad, reporting an error when
the user has configured QEMU with PSK credentials on a UNIX socket,
where hostnames are irrelevant.

Putting the check into the TLS session object credentials validation
code ensures we report errors in only the scenario that matters.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-2-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
aes.c crypto: Add spaces around operator 2021-01-29 17:07:53 +00:00
afalg.c
afalgpriv.h crypto: Allocate QCryptoCipher with the subclass 2020-09-10 11:02:23 +01:00
afsplit.c
block-luks.c qapi: Use QAPI_LIST_APPEND in trivial cases 2021-01-28 08:08:45 +01:00
block-luks.h
block-qcow.c
block-qcow.h
block.c qcrypto/core: add generic infrastructure for crypto options amendment 2020-07-06 08:49:28 +02:00
blockpriv.h qcrypto/core: add generic infrastructure for crypto options amendment 2020-07-06 08:49:28 +02:00
cipher-afalg.c crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new 2020-09-10 11:02:23 +01:00
cipher-builtin.c.inc crypto: delete built-in XTS cipher mode support 2021-07-14 14:15:52 +01:00
cipher-gcrypt.c.inc crypto: replace 'des-rfb' cipher with 'des' 2021-07-14 14:15:52 +01:00
cipher-gnutls.c.inc crypto: add gnutls cipher provider 2021-07-14 14:15:52 +01:00
cipher-nettle.c.inc crypto: replace 'des-rfb' cipher with 'des' 2021-07-14 14:15:52 +01:00
cipher.c crypto: add gnutls cipher provider 2021-07-14 14:15:52 +01:00
cipherpriv.h crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new 2020-09-10 11:02:23 +01:00
hash-afalg.c
hash-gcrypt.c
hash-glib.c
hash-gnutls.c crypto: add gnutls hash provider 2021-07-14 14:15:52 +01:00
hash-nettle.c crypto: drop back compatibility typedefs for nettle 2021-06-02 07:04:55 +02:00
hash.c
hashpriv.h
hmac-gcrypt.c
hmac-glib.c
hmac-gnutls.c crypto: add gnutls hmac provider 2021-07-14 14:15:52 +01:00
hmac-nettle.c crypto: drop back compatibility typedefs for nettle 2021-06-02 07:04:55 +02:00
hmac.c
hmacpriv.h
init.c crypto: drop gcrypt thread initialization code 2021-07-14 14:15:52 +01:00
ivgen-essiv.c
ivgen-essiv.h
ivgen-plain64.c
ivgen-plain64.h
ivgen-plain.c
ivgen-plain.h
ivgen.c
ivgenpriv.h
meson.build configure, meson: move some default-disabled options to meson_options.txt 2022-02-21 10:35:53 +01:00
pbkdf-gcrypt.c
pbkdf-gnutls.c crypto: add gnutls pbkdf provider 2021-07-14 14:15:52 +01:00
pbkdf-nettle.c
pbkdf-stub.c
pbkdf.c
random-gcrypt.c
random-gnutls.c
random-none.c crypto: add "none" random provider 2020-06-15 11:33:50 +01:00
random-platform.c
secret_common.c crypto: Forbid broken unloading of secrets 2021-01-29 17:07:53 +00:00
secret_keyring.c crypto: Move USER_CREATABLE to secret_common base class 2021-01-29 17:07:53 +00:00
secret.c crypto: Move USER_CREATABLE to secret_common base class 2021-01-29 17:07:53 +00:00
tls-cipher-suites.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscreds.c crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper 2021-06-29 18:29:43 +01:00
tlscredsanon.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredspriv.h crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredspsk.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredsx509.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlssession.c crypto: mandate a hostname when checking x509 creds on a client 2022-03-07 15:58:42 -06:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
xts.c