48b8583698
Error reporting from gnutls was improved by:
commit 57941c9c86
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: Fri Mar 15 14:07:58 2024 +0000
crypto: push error reporting into TLS session I/O APIs
This has the effect of changing the output from one of the NBD
tests.
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
117 lines
4.9 KiB
Plaintext
117 lines
4.9 KiB
Plaintext
QA output created by 233
|
|
|
|
== preparing TLS creds ==
|
|
Generating a self signed certificate...
|
|
Generating a self signed certificate...
|
|
Generating a signed certificate...
|
|
Generating a signed certificate...
|
|
Generating a signed certificate...
|
|
Generating a signed certificate...
|
|
Generating a random key for user 'psk1'
|
|
Generating a random key for user 'psk2'
|
|
|
|
== preparing image ==
|
|
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
|
|
wrote 1048576/1048576 bytes at offset 1048576
|
|
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
|
|
== check TLS client to plain server fails ==
|
|
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls)
|
|
server reported: TLS not configured
|
|
qemu-nbd: Denied by server for option 5 (starttls)
|
|
|
|
== check plain client to TLS server fails ==
|
|
qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go)
|
|
Did you forget a valid tls-creds?
|
|
server reported: Option 0x7 not permitted before TLS
|
|
qemu-nbd: TLS negotiation required before option 3 (list)
|
|
|
|
== check TLS works ==
|
|
image: nbd://127.0.0.1:PORT
|
|
file format: nbd
|
|
virtual size: 64 MiB (67108864 bytes)
|
|
disk size: unavailable
|
|
image: nbd://127.0.0.1:PORT
|
|
file format: nbd
|
|
virtual size: 64 MiB (67108864 bytes)
|
|
disk size: unavailable
|
|
exports available: 1
|
|
export: ''
|
|
size: 67108864
|
|
min block: 1
|
|
transaction size: 64-bit
|
|
|
|
== check TLS fail over TCP with mismatched hostname ==
|
|
qemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not match the hostname localhost
|
|
qemu-nbd: Certificate does not match the hostname localhost
|
|
|
|
== check TLS works over TCP with mismatched hostname and override ==
|
|
image: nbd://localhost:PORT
|
|
file format: nbd
|
|
virtual size: 64 MiB (67108864 bytes)
|
|
disk size: unavailable
|
|
exports available: 1
|
|
export: ''
|
|
size: 67108864
|
|
min block: 1
|
|
transaction size: 64-bit
|
|
|
|
== check TLS with different CA fails ==
|
|
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer
|
|
qemu-nbd: The certificate hasn't got a known issuer
|
|
|
|
== perform I/O over TLS ==
|
|
read 1048576/1048576 bytes at offset 1048576
|
|
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
wrote 1048576/1048576 bytes at offset 1048576
|
|
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
read 1048576/1048576 bytes at offset 1048576
|
|
1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
|
|
|
|
== check TLS with authorization ==
|
|
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
|
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
|
|
|
== check TLS fail over UNIX with no hostname ==
|
|
qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': No hostname for certificate validation
|
|
qemu-nbd: No hostname for certificate validation
|
|
|
|
== check TLS works over UNIX with hostname override ==
|
|
image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock
|
|
file format: nbd
|
|
virtual size: 64 MiB (67108864 bytes)
|
|
disk size: unavailable
|
|
exports available: 1
|
|
export: ''
|
|
size: 67108864
|
|
min block: 1
|
|
transaction size: 64-bit
|
|
|
|
== check TLS works over UNIX with PSK ==
|
|
image: nbd+unix://?socket=SOCK_DIR/qemu-nbd.sock
|
|
file format: nbd
|
|
virtual size: 64 MiB (67108864 bytes)
|
|
disk size: unavailable
|
|
exports available: 1
|
|
export: ''
|
|
size: 67108864
|
|
min block: 1
|
|
transaction size: 64-bit
|
|
|
|
== check TLS fails over UNIX with mismatch PSK ==
|
|
qemu-img: Could not open 'driver=nbd,path=SOCK_DIR/qemu-nbd.sock,tls-creds=tls0': TLS handshake failed: The TLS connection was non-properly terminated.
|
|
qemu-nbd: TLS handshake failed: The TLS connection was non-properly terminated.
|
|
|
|
== final server log ==
|
|
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
|
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
|
qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
|
|
qemu-nbd: option negotiation failed: Verify failed: No certificate was found.
|
|
qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied
|
|
qemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied
|
|
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
|
qemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: The TLS connection was non-properly terminated.
|
|
qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received.
|
|
qemu-nbd: option negotiation failed: TLS handshake failed: An illegal parameter has been received.
|
|
*** done
|