api: Add nbd_[aio_]opt_starttls
Very similar to the recent addition of nbd_opt_structured_reply, with the new nbd_opt_starttls() finally giving us fine-grained control over NBD_OPT_STARTTLS, and allowing productive handshaking with a server in SELECTIVETLS mode. With this patch, it is now easy to reproduce the scenario of nbdkit's CVE-2021-3716, where a plaintext meddler-in-the-middle attacker could cause client denial of service when a --tls=on server failed to reset state after NBD_OPT_STARTTLS. This also exposed the fact that nbdkit was not gracefully handling NBD_OPT_INFO from a plaintext client connecting to a --tls=require server; the testsuite is skipped unless using a fixed nbdkit (v1.33.2 or later).