From owner-svn-src-projects@freebsd.org Sun May 10 00:28:44 2020 Return-Path: Delivered-To: svn-src-projects@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1AAF22D310F for ; Sun, 10 May 2020 00:28:44 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49KQ0W6r4Hz4VJ3; Sun, 10 May 2020 00:28:43 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E5EC82461B; Sun, 10 May 2020 00:28:43 +0000 (UTC) (envelope-from rmacklem@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 04A0ShHr065228; Sun, 10 May 2020 00:28:43 GMT (envelope-from rmacklem@FreeBSD.org) Received: (from rmacklem@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 04A0Sh6W065227; Sun, 10 May 2020 00:28:43 GMT (envelope-from rmacklem@FreeBSD.org) Message-Id: <202005100028.04A0Sh6W065227@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rmacklem set sender to rmacklem@FreeBSD.org using -f From: Rick Macklem Date: Sun, 10 May 2020 00:28:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r360861 - projects/nfs-over-tls X-SVN-Group: projects X-SVN-Commit-Author: rmacklem X-SVN-Commit-Paths: projects/nfs-over-tls X-SVN-Commit-Revision: 360861 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.32 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 10 May 2020 00:28:44 -0000 Author: rmacklem Date: Sun May 10 00:28:43 2020 New Revision: 360861 URL: https://svnweb.freebsd.org/changeset/base/360861 Log: Update the nfs-over-tls-setup.txt document slightly. I think this project is now ready for third party testing, although the setup is rather awkward for now. As pieces of the code make it into head, this should get simpler. However, I think the document covers the basics of getting it going. Thanks go to jhb@ for his KERN_TLS work and for providing the patch for ktls rx and patched openssl3 needed to make it work. Modified: projects/nfs-over-tls/nfs-over-tls-setup.txt Modified: projects/nfs-over-tls/nfs-over-tls-setup.txt ============================================================================== --- projects/nfs-over-tls/nfs-over-tls-setup.txt Sun May 10 00:24:40 2020 (r360860) +++ projects/nfs-over-tls/nfs-over-tls-setup.txt Sun May 10 00:28:43 2020 (r360861) @@ -106,10 +106,8 @@ kern.ipc.mb_use_ext_pgs=1 - edit rc.conf and add this line (if you already have a line for ldconfig_paths, add /usr/ktls/lib to the line) ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg /usr/ktls/lib" -Then reboot the system with nkernel. +Then reboot the system. -Every time you boot and are going to be doing testing, login as root and type -# kldload ktls_ocf You should now be finally ready to configure and run a TLS mount. (If you have problems or I forgot any steps, feel free to email me at rmacklem@uoguelph.ca.)