1QA output created by 233 2 3== preparing TLS creds == 4Generating a self signed certificate... 5Generating a self signed certificate... 6Generating a signed certificate... 7Generating a signed certificate... 8Generating a signed certificate... 9Generating a signed certificate... 10 11== preparing image == 12Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 13wrote 1048576/1048576 bytes at offset 1048576 141 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 15 16== check TLS client to plain server fails == 17qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) 18server reported: TLS not configured 19qemu-nbd: Denied by server for option 5 (starttls) 20 21== check plain client to TLS server fails == 22qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go) 23Did you forget a valid tls-creds? 24server reported: Option 0x7 not permitted before TLS 25qemu-nbd: TLS negotiation required before option 3 (list) 26 27== check TLS works == 28image: nbd://127.0.0.1:PORT 29file format: nbd 30virtual size: 64 MiB (67108864 bytes) 31disk size: unavailable 32image: nbd://127.0.0.1:PORT 33file format: nbd 34virtual size: 64 MiB (67108864 bytes) 35disk size: unavailable 36exports available: 1 37 export: '' 38 size: 67108864 39 min block: 1 40 41== check TLS fail over TCP with mismatched hostname == 42qemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not match the hostname localhost 43qemu-nbd: Certificate does not match the hostname localhost 44 45== check TLS works over TCP with mismatched hostname and override == 46image: nbd://localhost:PORT 47file format: nbd 48virtual size: 64 MiB (67108864 bytes) 49disk size: unavailable 50exports available: 1 51 export: '' 52 size: 67108864 53 min block: 1 54 55== check TLS with different CA fails == 56qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer 57qemu-nbd: The certificate hasn't got a known issuer 58 59== perform I/O over TLS == 60read 1048576/1048576 bytes at offset 1048576 611 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 62wrote 1048576/1048576 bytes at offset 1048576 631 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 64read 1048576/1048576 bytes at offset 1048576 651 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 66 67== check TLS with authorization == 68qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 69qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 70 71== check TLS fail over UNIX with no hostname == 72qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for certificate validation 73qemu-nbd: No hostname for certificate validation 74 75== check TLS works over UNIX with hostname override == 76image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 77file format: nbd 78virtual size: 64 MiB (67108864 bytes) 79disk size: unavailable 80exports available: 1 81 export: '' 82 size: 67108864 83 min block: 1 84 85== final server log == 86qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 87qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 88qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 89qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 90qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 91qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 92qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 93qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 94*** done 95