Currently doc/proto.md is silent on use of NBD_OPT_STARTTLS when
TLS has already been negotiated. Make it clear that this is not
permitted.
Signed-off-by: Alex Bligh <a...@alex.org.uk>
---
doc/proto.md | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/doc/proto.md b/doc/proto.md
index 4d63b23..3648fa3 100644
--- a/doc/proto.md
+++ b/doc/proto.md
@@ -399,7 +399,10 @@ of the newstyle negotiation.
`NBD_REP_ERR_POLICY`. For backwards compatibility, a client should
also be prepared to handle `NBD_REP_ERR_UNSUP`. If the client sent
along any data with the request, the server should send back
- `NBD_REP_ERR_INVALID`.
+ `NBD_REP_ERR_INVALID`. The client MUST NOT send this option if
+ it has already negotiated TLS; if the server receives
+ `NBD_OPT_STARTTLS` when TLS has already been negotiated, the server
+ MUST send back `NBD_REP_ERR_INVALID`.
This functionality has not yet been implemented by the reference
implementation, but was implemented by qemu so has been moved out of
--
1.9.1
