1afcd1c2fSDaniel P. BerrangéQA output created by 233 2afcd1c2fSDaniel P. Berrangé 3afcd1c2fSDaniel P. Berrangé== preparing TLS creds == 4afcd1c2fSDaniel P. BerrangéGenerating a self signed certificate... 5afcd1c2fSDaniel P. BerrangéGenerating a self signed certificate... 6afcd1c2fSDaniel P. BerrangéGenerating a signed certificate... 7afcd1c2fSDaniel P. BerrangéGenerating a signed certificate... 8afcd1c2fSDaniel P. BerrangéGenerating a signed certificate... 9b25e12daSDaniel P. BerrangeGenerating a signed certificate... 1010cc95c3SDaniel P. BerrangéGenerating a random key for user 'psk1' 1110cc95c3SDaniel P. BerrangéGenerating a random key for user 'psk2' 12afcd1c2fSDaniel P. Berrangé 13afcd1c2fSDaniel P. Berrangé== preparing image == 14afcd1c2fSDaniel P. BerrangéFormatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 15bb39c47dSEric Blakewrote 1048576/1048576 bytes at offset 1048576 16bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 17afcd1c2fSDaniel P. Berrangé 18afcd1c2fSDaniel P. Berrangé== check TLS client to plain server fails == 19afcd1c2fSDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) 20afcd1c2fSDaniel P. Berrangéserver reported: TLS not configured 21ddd09448SEric Blakeqemu-nbd: Denied by server for option 5 (starttls) 22afcd1c2fSDaniel P. Berrangé 23afcd1c2fSDaniel P. Berrangé== check plain client to TLS server fails == 245de47735SEric Blakeqemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go) 251b5c15ceSEric BlakeDid you forget a valid tls-creds? 265de47735SEric Blakeserver reported: Option 0x7 not permitted before TLS 275de47735SEric Blakeqemu-nbd: TLS negotiation required before option 3 (list) 28afcd1c2fSDaniel P. Berrangé 29afcd1c2fSDaniel P. Berrangé== check TLS works == 30afcd1c2fSDaniel P. Berrangéimage: nbd://127.0.0.1:PORT 31afcd1c2fSDaniel P. Berrangéfile format: nbd 32de38b500SEric Blakevirtual size: 64 MiB (67108864 bytes) 33afcd1c2fSDaniel P. Berrangédisk size: unavailable 34b25e12daSDaniel P. Berrangeimage: nbd://127.0.0.1:PORT 35b25e12daSDaniel P. Berrangefile format: nbd 36de38b500SEric Blakevirtual size: 64 MiB (67108864 bytes) 37b25e12daSDaniel P. Berrangedisk size: unavailable 38ddd09448SEric Blakeexports available: 1 39ddd09448SEric Blake export: '' 40ddd09448SEric Blake size: 67108864 41b0245d64SEric Blake min block: 1 4256cf9d04SEric Blake transaction size: 64-bit 43afcd1c2fSDaniel P. Berrangé 443da93d4bSDaniel P. Berrangé== check TLS fail over TCP with mismatched hostname == 453da93d4bSDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not match the hostname localhost 463da93d4bSDaniel P. Berrangéqemu-nbd: Certificate does not match the hostname localhost 473da93d4bSDaniel P. Berrangé 483da93d4bSDaniel P. Berrangé== check TLS works over TCP with mismatched hostname and override == 493da93d4bSDaniel P. Berrangéimage: nbd://localhost:PORT 503da93d4bSDaniel P. Berrangéfile format: nbd 513da93d4bSDaniel P. Berrangévirtual size: 64 MiB (67108864 bytes) 523da93d4bSDaniel P. Berrangédisk size: unavailable 533da93d4bSDaniel P. Berrangéexports available: 1 543da93d4bSDaniel P. Berrangé export: '' 553da93d4bSDaniel P. Berrangé size: 67108864 563da93d4bSDaniel P. Berrangé min block: 1 5756cf9d04SEric Blake transaction size: 64-bit 583da93d4bSDaniel P. Berrangé 59afcd1c2fSDaniel P. Berrangé== check TLS with different CA fails == 60afcd1c2fSDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer 61ddd09448SEric Blakeqemu-nbd: The certificate hasn't got a known issuer 62bb39c47dSEric Blake 63bb39c47dSEric Blake== perform I/O over TLS == 64bb39c47dSEric Blakeread 1048576/1048576 bytes at offset 1048576 65bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 66bb39c47dSEric Blakewrote 1048576/1048576 bytes at offset 1048576 67bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 68bb39c47dSEric Blakeread 1048576/1048576 bytes at offset 1048576 69bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 70d0898051SEric Blake 71b25e12daSDaniel P. Berrange== check TLS with authorization == 72*f74e5bd9SDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: The TLS connection was non-properly terminated. 73*f74e5bd9SDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: The TLS connection was non-properly terminated. 74b25e12daSDaniel P. Berrange 75f0620835SDaniel P. Berrangé== check TLS fail over UNIX with no hostname == 76f0620835SDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for certificate validation 77f0620835SDaniel P. Berrangéqemu-nbd: No hostname for certificate validation 78f0620835SDaniel P. Berrangé 79f0620835SDaniel P. Berrangé== check TLS works over UNIX with hostname override == 80f0620835SDaniel P. Berrangéimage: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 81f0620835SDaniel P. Berrangéfile format: nbd 82f0620835SDaniel P. Berrangévirtual size: 64 MiB (67108864 bytes) 83f0620835SDaniel P. Berrangédisk size: unavailable 84f0620835SDaniel P. Berrangéexports available: 1 85f0620835SDaniel P. Berrangé export: '' 86f0620835SDaniel P. Berrangé size: 67108864 87f0620835SDaniel P. Berrangé min block: 1 8856cf9d04SEric Blake transaction size: 64-bit 89f0620835SDaniel P. Berrangé 9010cc95c3SDaniel P. Berrangé== check TLS works over UNIX with PSK == 9110cc95c3SDaniel P. Berrangéimage: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 9210cc95c3SDaniel P. Berrangéfile format: nbd 9310cc95c3SDaniel P. Berrangévirtual size: 64 MiB (67108864 bytes) 9410cc95c3SDaniel P. Berrangédisk size: unavailable 9510cc95c3SDaniel P. Berrangéexports available: 1 9610cc95c3SDaniel P. Berrangé export: '' 9710cc95c3SDaniel P. Berrangé size: 67108864 9810cc95c3SDaniel P. Berrangé min block: 1 9956cf9d04SEric Blake transaction size: 64-bit 10010cc95c3SDaniel P. Berrangé 10110cc95c3SDaniel P. Berrangé== check TLS fails over UNIX with mismatch PSK == 10210cc95c3SDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': TLS handshake failed: The TLS connection was non-properly terminated. 10310cc95c3SDaniel P. Berrangéqemu-nbd: TLS handshake failed: The TLS connection was non-properly terminated. 10410cc95c3SDaniel P. Berrangé 105d0898051SEric Blake== final server log == 106*f74e5bd9SDaniel P. Berrangéqemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated. 107*f74e5bd9SDaniel P. Berrangéqemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated. 108d0898051SEric Blakeqemu-nbd: option negotiation failed: Verify failed: No certificate was found. 109ddd09448SEric Blakeqemu-nbd: option negotiation failed: Verify failed: No certificate was found. 110a6d2bb25SDaniel P. Berrangéqemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 111a6d2bb25SDaniel P. Berrangéqemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 112*f74e5bd9SDaniel P. Berrangéqemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated. 113*f74e5bd9SDaniel P. Berrangéqemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated. 11410cc95c3SDaniel P. Berrangéqemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received. 11510cc95c3SDaniel P. Berrangéqemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received. 116afcd1c2fSDaniel P. Berrangé*** done 117