fabrics: permit bi-auth with secure concat TLS

martin-gpy · martin-gpy · commit 38cef3949aa3 · 2026-03-19T16:38:52.000+05:30
Turns out it is not just uni-auth that is supported with secure channel concat TLS but bi-auth as well. Earlier interpretation of the NVMe spec on this topic was wrong as discussed recently in the NVMe upstream mailing list at https://lore.kernel.org/linux-nvme/c60d58ae-84c6-49a1-b850-e23e12e7be45@suse.de/T/#t. So permit the same now in userspace. Fixes: 5fdc131 ("fabrics: add error if dhchap-ctrl-secret is specified with --concat") Signed-off-by: Martin George <marting@netapp.com>
diff --git a/libnvme/src/nvme/fabrics.c b/libnvme/src/nvme/fabrics.c
@@ -725,11 +725,6 @@ static int build_options(nvme_host_t h, nvme_ctrl_t c, char **argstr)
 		return -ENVME_CONNECT_INVAL;
 	}
 
-	if (cfg->concat && ctrlkey) {
-		nvme_msg(h->ctx, LOG_ERR, "cannot specify [--dhchap-ctrl-secret | -C] with --concat\n");
-		return -ENVME_CONNECT_INVAL;
-	}
-
 	if (cfg->tls) {
 		ret = __nvme_import_keys_from_config(h, c,
 			&keyring_id, &key_id);
