1afcd1c2fSDaniel P. BerrangéQA output created by 233 2afcd1c2fSDaniel P. Berrangé 3afcd1c2fSDaniel P. Berrangé== preparing TLS creds == 4afcd1c2fSDaniel P. BerrangéGenerating a self signed certificate... 5afcd1c2fSDaniel P. BerrangéGenerating a self signed certificate... 6afcd1c2fSDaniel P. BerrangéGenerating a signed certificate... 7afcd1c2fSDaniel P. BerrangéGenerating a signed certificate... 8afcd1c2fSDaniel P. BerrangéGenerating a signed certificate... 9b25e12daSDaniel P. BerrangeGenerating a signed certificate... 10afcd1c2fSDaniel P. Berrangé 11afcd1c2fSDaniel P. Berrangé== preparing image == 12afcd1c2fSDaniel P. BerrangéFormatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 13bb39c47dSEric Blakewrote 1048576/1048576 bytes at offset 1048576 14bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 15afcd1c2fSDaniel P. Berrangé 16afcd1c2fSDaniel P. Berrangé== check TLS client to plain server fails == 17afcd1c2fSDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) 18afcd1c2fSDaniel P. Berrangéserver reported: TLS not configured 19ddd09448SEric Blakeqemu-nbd: Denied by server for option 5 (starttls) 20afcd1c2fSDaniel P. Berrangé 21afcd1c2fSDaniel P. Berrangé== check plain client to TLS server fails == 225de47735SEric Blakeqemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go) 231b5c15ceSEric BlakeDid you forget a valid tls-creds? 245de47735SEric Blakeserver reported: Option 0x7 not permitted before TLS 255de47735SEric Blakeqemu-nbd: TLS negotiation required before option 3 (list) 26afcd1c2fSDaniel P. Berrangé 27afcd1c2fSDaniel P. Berrangé== check TLS works == 28afcd1c2fSDaniel P. Berrangéimage: nbd://127.0.0.1:PORT 29afcd1c2fSDaniel P. Berrangéfile format: nbd 30de38b500SEric Blakevirtual size: 64 MiB (67108864 bytes) 31afcd1c2fSDaniel P. Berrangédisk size: unavailable 32b25e12daSDaniel P. Berrangeimage: nbd://127.0.0.1:PORT 33b25e12daSDaniel P. Berrangefile format: nbd 34de38b500SEric Blakevirtual size: 64 MiB (67108864 bytes) 35b25e12daSDaniel P. Berrangedisk size: unavailable 36ddd09448SEric Blakeexports available: 1 37ddd09448SEric Blake export: '' 38ddd09448SEric Blake size: 67108864 39b0245d64SEric Blake min block: 1 40afcd1c2fSDaniel P. Berrangé 41*3da93d4bSDaniel P. Berrangé== check TLS fail over TCP with mismatched hostname == 42*3da93d4bSDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=localhost,port=PORT,tls-creds=tls0': Certificate does not match the hostname localhost 43*3da93d4bSDaniel P. Berrangéqemu-nbd: Certificate does not match the hostname localhost 44*3da93d4bSDaniel P. Berrangé 45*3da93d4bSDaniel P. Berrangé== check TLS works over TCP with mismatched hostname and override == 46*3da93d4bSDaniel P. Berrangéimage: nbd://localhost:PORT 47*3da93d4bSDaniel P. Berrangéfile format: nbd 48*3da93d4bSDaniel P. Berrangévirtual size: 64 MiB (67108864 bytes) 49*3da93d4bSDaniel P. Berrangédisk size: unavailable 50*3da93d4bSDaniel P. Berrangéexports available: 1 51*3da93d4bSDaniel P. Berrangé export: '' 52*3da93d4bSDaniel P. Berrangé size: 67108864 53*3da93d4bSDaniel P. Berrangé min block: 1 54*3da93d4bSDaniel P. Berrangé 55afcd1c2fSDaniel P. Berrangé== check TLS with different CA fails == 56afcd1c2fSDaniel P. Berrangéqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer 57ddd09448SEric Blakeqemu-nbd: The certificate hasn't got a known issuer 58bb39c47dSEric Blake 59bb39c47dSEric Blake== perform I/O over TLS == 60bb39c47dSEric Blakeread 1048576/1048576 bytes at offset 1048576 61bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 62bb39c47dSEric Blakewrote 1048576/1048576 bytes at offset 1048576 63bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 64bb39c47dSEric Blakeread 1048576/1048576 bytes at offset 1048576 65bb39c47dSEric Blake1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 66d0898051SEric Blake 67b25e12daSDaniel P. Berrange== check TLS with authorization == 68876df72dSMax Reitzqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 69876df72dSMax Reitzqemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 70b25e12daSDaniel P. Berrange 71d0898051SEric Blake== final server log == 72*3da93d4bSDaniel P. Berrangéqemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 73*3da93d4bSDaniel P. Berrangéqemu-nbd: option negotiation failed: Failed to read opts magic: Cannot read from TLS channel: Software caused connection abort 74d0898051SEric Blakeqemu-nbd: option negotiation failed: Verify failed: No certificate was found. 75ddd09448SEric Blakeqemu-nbd: option negotiation failed: Verify failed: No certificate was found. 76a6d2bb25SDaniel P. Berrangéqemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 77a6d2bb25SDaniel P. Berrangéqemu-nbd: option negotiation failed: TLS x509 authz check for DISTINGUISHED-NAME is denied 78afcd1c2fSDaniel P. Berrangé*** done 79