qemu/crypto
Daniel P. Berrangé d41997e465 crypto: mandate a hostname when checking x509 creds on a client
Currently the TLS session object assumes that the caller will always
provide a hostname when using x509 creds on a client endpoint. This
relies on the caller to detect and report an error if the user has
configured QEMU with x509 credentials on a UNIX socket. The migration
code has such a check, but it is too broad, reporting an error when
the user has configured QEMU with PSK credentials on a UNIX socket,
where hostnames are irrelevant.

Putting the check into the TLS session object credentials validation
code ensures we report errors in only the scenario that matters.

Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220304193610.3293146-2-berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2022-03-07 15:58:42 -06:00
..
aes.c crypto: Add spaces around operator 2021-01-29 17:07:53 +00:00
afalg.c crypto: introduce some common functions for af_alg backend 2017-07-19 10:11:05 +01:00
afalgpriv.h crypto: Allocate QCryptoCipher with the subclass 2020-09-10 11:02:23 +01:00
afsplit.c crypto: use auto cleanup for many stack variables 2019-08-22 10:56:57 +01:00
block-luks.c qapi: Use QAPI_LIST_APPEND in trivial cases 2021-01-28 08:08:45 +01:00
block-luks.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
block-qcow.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
block-qcow.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
block.c qcrypto/core: add generic infrastructure for crypto options amendment 2020-07-06 08:49:28 +02:00
blockpriv.h qcrypto/core: add generic infrastructure for crypto options amendment 2020-07-06 08:49:28 +02:00
cipher-afalg.c crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new 2020-09-10 11:02:23 +01:00
cipher-builtin.c.inc crypto: delete built-in XTS cipher mode support 2021-07-14 14:15:52 +01:00
cipher-gcrypt.c.inc crypto: replace 'des-rfb' cipher with 'des' 2021-07-14 14:15:52 +01:00
cipher-gnutls.c.inc crypto: add gnutls cipher provider 2021-07-14 14:15:52 +01:00
cipher-nettle.c.inc crypto: replace 'des-rfb' cipher with 'des' 2021-07-14 14:15:52 +01:00
cipher.c crypto: add gnutls cipher provider 2021-07-14 14:15:52 +01:00
cipherpriv.h crypto: Move cipher->driver init to qcrypto_*_cipher_ctx_new 2020-09-10 11:02:23 +01:00
hash-afalg.c crypto: hmac: add af_alg-backend hmac support 2017-07-19 10:11:05 +01:00
hash-gcrypt.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
hash-glib.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
hash-gnutls.c crypto: add gnutls hash provider 2021-07-14 14:15:52 +01:00
hash-nettle.c crypto: drop back compatibility typedefs for nettle 2021-06-02 07:04:55 +02:00
hash.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
hashpriv.h crypto: hash: add afalg-backend hash support 2017-07-19 10:11:05 +01:00
hmac-gcrypt.c qapi: Mechanically convert FOO_lookup[...] to FOO_str(...) 2017-09-04 13:09:13 +02:00
hmac-glib.c glib: bump min required glib library version to 2.48 2019-08-22 10:46:34 +01:00
hmac-gnutls.c crypto: add gnutls hmac provider 2021-07-14 14:15:52 +01:00
hmac-nettle.c crypto: drop back compatibility typedefs for nettle 2021-06-02 07:04:55 +02:00
hmac.c Include qapi/error.h exactly where needed 2018-02-09 13:50:17 +01:00
hmacpriv.h crypto: hmac: add af_alg-backend hmac support 2017-07-19 10:11:05 +01:00
init.c crypto: drop gcrypt thread initialization code 2021-07-14 14:15:52 +01:00
ivgen-essiv.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-essiv.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain64.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen-plain64.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgen.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
ivgenpriv.h crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
meson.build configure, meson: move some default-disabled options to meson_options.txt 2022-02-21 10:35:53 +01:00
pbkdf-gcrypt.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
pbkdf-gnutls.c crypto: add gnutls pbkdf provider 2021-07-14 14:15:52 +01:00
pbkdf-nettle.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
pbkdf-stub.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
pbkdf.c crypto: use auto cleanup for many stack variables 2019-08-22 10:56:57 +01:00
random-gcrypt.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
random-gnutls.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
random-none.c crypto: add "none" random provider 2020-06-15 11:33:50 +01:00
random-platform.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00
secret.c crypto: Move USER_CREATABLE to secret_common base class 2021-01-29 17:07:53 +00:00
secret_common.c crypto: Forbid broken unloading of secrets 2021-01-29 17:07:53 +00:00
secret_keyring.c crypto: Move USER_CREATABLE to secret_common base class 2021-01-29 17:07:53 +00:00
tls-cipher-suites.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscreds.c crypto/tlscreds: Introduce qcrypto_tls_creds_check_endpoint() helper 2021-06-29 18:29:43 +01:00
tlscredsanon.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredspriv.h crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredspsk.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlscredsx509.c crypto: Make QCryptoTLSCreds* structures private 2021-06-29 18:30:24 +01:00
tlssession.c crypto: mandate a hostname when checking x509 creds on a client 2022-03-07 15:58:42 -06:00
trace-events docs: fix references to docs/devel/tracing.rst 2021-06-02 06:51:09 +02:00
trace.h trace: switch position of headers to what Meson requires 2020-08-21 06:18:24 -04:00
xts.c crypto: Fix LGPL information in the file headers 2019-07-19 14:21:25 +01:00