CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Rick Macklem <rmacklem@FreeBSD.org>
	Mon, 21 Dec 2020 23:14:53 +0000 (15:14 -0800)
committer	Rick Macklem <rmacklem@FreeBSD.org>
	Wed, 23 Dec 2020 21:42:55 +0000 (13:42 -0800)
commit	665b1365fe8e24d618d63b0d57b0b4ad39e97824
tree	44fecd432dcd0b10c880a0fe045f5ba27d5a3a67	tree \| snapshot
parent	e523262107865130e40fb19f7c3c571c8dd0b252	commit \| diff

Add a new "tlscertname" NFS mount option.

When using NFS-over-TLS, an NFS client can optionally provide an X.509
certificate to the server during the TLS handshake. For some situations,
such as different NFS servers or different certificates being mapped
to different user credentials on the NFS server, there may be a need
for different mounts to provide different certificates.

This new mount option called "tlscertname" may be used to specify a
non-default certificate be provided. This alernate certificate will
be stored in /etc/rpc.tlsclntd in a file with a name based on what is
provided by this mount option.

sys/fs/nfs/nfs_commonkrpc.c		diff \| blob \| history
sys/fs/nfsclient/nfs_clvfsops.c		diff \| blob \| history
sys/fs/nfsclient/nfsmount.h		diff \| blob \| history
sys/rpc/clnt.h		diff \| blob \| history
sys/rpc/clnt_rc.c		diff \| blob \| history
sys/rpc/krpc.h		diff \| blob \| history
sys/rpc/rpcsec_tls.h		diff \| blob \| history
sys/rpc/rpcsec_tls/rpctls_impl.c		diff \| blob \| history
sys/rpc/rpcsec_tls/rpctlscd.x		diff \| blob \| history