On Fri, Apr 27, 2018 at 10:55:56 +0100, Daniel Berrange wrote: > On Thu, Apr 26, 2018 at 04:51:49PM +0200, Peter Krempa wrote: > > Since libvirt is currently not able to setup the NBD migration stream > > secured by TLS we should not allow such migration since data would be > > transferred unencrypted. > > > > This will break compatibility of TLS migration if non-shared storage is > > requested but the security implications are more severe. > > > > Signed-off-by: Peter Krempa <pkre...@redhat.com> > > --- > > src/qemu/qemu_migration.c | 9 +++++++++ > > 1 file changed, 9 insertions(+) > > Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Pushed now, thanks. > IIUC, this doesn't actually require the 3 previous patches and can be > pushed on its own - we should push for this immediate release. The idea behind the other 3 patches was to actually implement the destination side, so that we have both sides covered. If you enable TLS for the NBD server it will not connect unless TLS is used. By using this patch only, an older source libvirtd will be able to migrate even with newer destination libvirtd, since that will not require TLS until those 3 patches will be pushed.
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
