1QA output created by 233 2 3== preparing TLS creds == 4Generating a self signed certificate... 5Generating a self signed certificate... 6Generating a signed certificate... 7Generating a signed certificate... 8Generating a signed certificate... 9Generating a signed certificate... 10Generating a random key for user 'psk1' 11Generating a random key for user 'psk2' 12 13== preparing image == 14Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 15wrote 1048576/1048576 bytes at offset 1048576 161 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 17 18== check TLS client to plain server fails == 19qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) 20server reported: TLS not configured 21qemu-nbd: Denied by server for option 5 (starttls) 22 23== check plain client to TLS server fails == 24qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go) 25Did you forget a valid tls-creds? 26server reported: Option 0x7 not permitted before TLS 27qemu-nbd: TLS negotiation required before option 3 (list) 28 29== check TLS works == 30image: nbd://127.0.0.1:PORT 31file format: nbd 32virtual size: 64 MiB (67108864 bytes) 33disk size: unavailable 34image: nbd://127.0.0.1:PORT 35file format: nbd 36virtual size: 64 MiB (67108864 bytes) 37disk size: unavailable 38exports available: 1 39 export: '' 40 size: 67108864 41 min block: 1 42 transaction size: 64-bit 43 44== check TLS fail over TCP with mismatched hostname == 45qemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not match the hostname localhost 46qemu-nbd: Certificate does not match the hostname localhost 47 48== check TLS works over TCP with mismatched hostname and override == 49image: nbd://localhost:PORT 50file format: nbd 51virtual size: 64 MiB (67108864 bytes) 52disk size: unavailable 53exports available: 1 54 export: '' 55 size: 67108864 56 min block: 1 57 transaction size: 64-bit 58 59== check TLS with different CA fails == 60qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer 61qemu-nbd: The certificate hasn't got a known issuer 62 63== perform I/O over TLS == 64read 1048576/1048576 bytes at offset 1048576 651 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 66wrote 1048576/1048576 bytes at offset 1048576 671 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 68read 1048576/1048576 bytes at offset 1048576 691 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 70 71== check TLS with authorization == 72qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 73qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 74 75== check TLS fail over UNIX with no hostname == 76qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for certificate validation 77qemu-nbd: No hostname for certificate validation 78 79== check TLS works over UNIX with hostname override == 80image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 81file format: nbd 82virtual size: 64 MiB (67108864 bytes) 83disk size: unavailable 84exports available: 1 85 export: '' 86 size: 67108864 87 min block: 1 88 transaction size: 64-bit 89 90== check TLS works over UNIX with PSK == 91image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 92file format: nbd 93virtual size: 64 MiB (67108864 bytes) 94disk size: unavailable 95exports available: 1 96 export: '' 97 size: 67108864 98 min block: 1 99 transaction size: 64-bit 100 101== check TLS fails over UNIX with mismatch PSK == 102qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': TLS handshake failed: The TLS connection was non-properly terminated. 103qemu-nbd: TLS handshake failed: The TLS connection was non-properly terminated. 104 105== final server log == 106qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 107qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 108qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 109qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 110qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 111qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 112qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 113qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 114qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received. 115qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received. 116*** done 117