1QA output created by 233 2 3== preparing TLS creds == 4Generating a self signed certificate... 5Generating a self signed certificate... 6Generating a signed certificate... 7Generating a signed certificate... 8Generating a signed certificate... 9Generating a signed certificate... 10 11== preparing image == 12Formatting 'TEST_DIR/t.IMGFMT', fmt=IMGFMT size=67108864 13wrote 1048576/1048576 bytes at offset 1048576 141 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 15 16== check TLS client to plain server fails == 17qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Denied by server for option 5 (starttls) 18server reported: TLS not configured 19qemu-nbd: Denied by server for option 5 (starttls) 20server reported: TLS not configured 21 22== check plain client to TLS server fails == 23qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation required before option 7 (go) 24Did you forget a valid tls-creds? 25server reported: Option 0x7 not permitted before TLS 26qemu-nbd: TLS negotiation required before option 3 (list) 27Did you forget a valid tls-creds? 28server reported: Option 0x3 not permitted before TLS 29 30== check TLS works == 31image: nbd://127.0.0.1:PORT 32file format: nbd 33virtual size: 64 MiB (67108864 bytes) 34disk size: unavailable 35image: nbd://127.0.0.1:PORT 36file format: nbd 37virtual size: 64 MiB (67108864 bytes) 38disk size: unavailable 39exports available: 1 40 export: '' 41 size: 67108864 42 flags: 0xced ( flush fua trim zeroes df cache fast-zero ) 43 min block: 1 44 opt block: 4096 45 max block: 33554432 46 available meta contexts: 1 47 base:allocation 48 49== check TLS with different CA fails == 50qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': The certificate hasn't got a known issuer 51qemu-nbd: The certificate hasn't got a known issuer 52 53== perform I/O over TLS == 54read 1048576/1048576 bytes at offset 1048576 551 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 56wrote 1048576/1048576 bytes at offset 1048576 571 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 58read 1048576/1048576 bytes at offset 1048576 591 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) 60 61== check TLS with authorization == 62qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 63qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option reply: Cannot read from TLS channel: Software caused connection abort 64 65== final server log == 66qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 67qemu-nbd: option negotiation failed: Verify failed: No certificate was found. 68qemu-nbd: option negotiation failed: TLS x509 authz check for CN=localhost,O=Cthulhu Dark Lord Enterprises client1,L=R'lyeh,C=South Pacific is denied 69qemu-nbd: option negotiation failed: TLS x509 authz check for CN=localhost,O=Cthulhu Dark Lord Enterprises client3,L=R'lyeh,C=South Pacific is denied 70*** done 71