1QA output created by 233 2 3== preparing TLS creds == 4Generating a self signed certificate... 5Generating a self signed certificate... 6Generating a signed certificate... 7Generating a signed certificate... 8Generating a signed certificate... 9Generating a signed certificate... 10Generating a random key for user 'psk1' 11Generating a random key for user 'psk2' 12 13== preparing image == 14Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 15wrote 1048576/1048576 bytes at offset 1048576 161 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 17 18== check TLS client to plain server fails == 19qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) 20server reported: TLS not configured 21qemu-nbd: Denied by server for option 5 (starttls) 22 23== check plain client to TLS server fails == 24qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go) 25Did you forget a valid tls-creds? 26server reported: Option 0x7 not permitted before TLS 27qemu-nbd: TLS negotiation required before option 3 (list) 28 29== check TLS works == 30image: nbd://127.0.0.1:PORT 31file format: nbd 32virtual size: 64 MiB (67108864 bytes) 33disk size: unavailable 34image: nbd://127.0.0.1:PORT 35file format: nbd 36virtual size: 64 MiB (67108864 bytes) 37disk size: unavailable 38exports available: 1 39 export: '' 40 size: 67108864 41 min block: 1 42 43== check TLS fail over TCP with mismatched hostname == 44qemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not match the hostname localhost 45qemu-nbd: Certificate does not match the hostname localhost 46 47== check TLS works over TCP with mismatched hostname and override == 48image: nbd://localhost:PORT 49file format: nbd 50virtual size: 64 MiB (67108864 bytes) 51disk size: unavailable 52exports available: 1 53 export: '' 54 size: 67108864 55 min block: 1 56 57== check TLS with different CA fails == 58qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer 59qemu-nbd: The certificate hasn't got a known issuer 60 61== perform I/O over TLS == 62read 1048576/1048576 bytes at offset 1048576 631 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 64wrote 1048576/1048576 bytes at offset 1048576 651 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 66read 1048576/1048576 bytes at offset 1048576 671 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 68 69== check TLS with authorization == 70qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 71qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 72 73== check TLS fail over UNIX with no hostname == 74qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for certificate validation 75qemu-nbd: No hostname for certificate validation 76 77== check TLS works over UNIX with hostname override == 78image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 79file format: nbd 80virtual size: 64 MiB (67108864 bytes) 81disk size: unavailable 82exports available: 1 83 export: '' 84 size: 67108864 85 min block: 1 86 87== check TLS works over UNIX with PSK == 88image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock 89file format: nbd 90virtual size: 64 MiB (67108864 bytes) 91disk size: unavailable 92exports available: 1 93 export: '' 94 size: 67108864 95 min block: 1 96 97== check TLS fails over UNIX with mismatch PSK == 98qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': TLS handshake failed: The TLS connection was non-properly terminated. 99qemu-nbd: TLS handshake failed: The TLS connection was non-properly terminated. 100 101== final server log == 102qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 103qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 104qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 105qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 106qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 107qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 108qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 109qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 110qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received. 111qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received. 112*** done 113