Add tests that validate it is possible to connect to an NBD server running TLS mode. Also test mis-matched TLS vs non-TLS connections correctly fail. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20181116155325.22428-7-berrange@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Eric Blake <eblake@redhat.com> [eblake: rebase to iotests shell cleanups, use ss instead of socat for port probing, sanitize port number in expected output] Signed-off-by: Eric Blake <eblake@redhat.com>
31 lines
1.1 KiB
Plaintext
31 lines
1.1 KiB
Plaintext
QA output created by 233
|
|
|
|
== preparing TLS creds ==
|
|
Generating a self signed certificate...
|
|
Generating a self signed certificate...
|
|
Generating a signed certificate...
|
|
Generating a signed certificate...
|
|
Generating a signed certificate...
|
|
|
|
== preparing image ==
|
|
Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864
|
|
|
|
== check TLS client to plain server fails ==
|
|
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls)
|
|
server reported: TLS not configured
|
|
|
|
== check plain client to TLS server fails ==
|
|
qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 8 (structured reply)
|
|
server reported: Option 0x8 not permitted before TLS
|
|
|
|
== check TLS works ==
|
|
image: nbd://127.0.0.1:PORT
|
|
file format: nbd
|
|
virtual size: 64M (67108864 bytes)
|
|
disk size: unavailable
|
|
|
|
== check TLS with different CA fails ==
|
|
option negotiation failed: Verify failed: No certificate was found.
|
|
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer
|
|
*** done
|