On 5/15/25 7:50 AM, Christoph Hellwig wrote: > Hi all, > > this series allows storing the key and certificate for NFS over > TLS mounts in the keyring and be specified using a mount option. > This way they don't need to be hardcoded in the global tlshd.conf > configuration file and can even be different per-mount. > > Note that for now the .nfs keyring still needs to be added to > tlshd.conf, but that should go away with the handshake enhacement > from Hannes. Just curious: Is there a downside to shipping a default /etc/tlshd.conf with the NVMe and NFS keyrings already added? > Changes since v1: > - don't depend on nfsv4 for the keyring > - fix compile when the kernel keyring is disabled -- Chuck Lever
