diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2022-03-04 19:36:10 +0000 |
|---|---|---|
| committer | Eric Blake <eblake@redhat.com> | 2022-03-07 17:13:31 -0600 |
| commit | 10cc95c38f95e62c5ff5e1cffbf8bfef748e9d6f (patch) | |
| tree | 9ef14fab73a11e661ca5bec591d8f112a6d3dacc /tests/qemu-iotests/233 | |
| parent | f0620835c513afa36660eedbc8995ce4dbc72f98 (diff) | |
| download | focaccia-qemu-10cc95c38f95e62c5ff5e1cffbf8bfef748e9d6f.tar.gz focaccia-qemu-10cc95c38f95e62c5ff5e1cffbf8bfef748e9d6f.zip | |
tests/qemu-iotests: validate NBD TLS with UNIX sockets and PSK
This validates that connections to an NBD server running on a UNIX socket can use TLS with pre-shared keys (PSK). Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-13-berrange@redhat.com> [eblake: squash in rebase fix] Tested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Diffstat (limited to 'tests/qemu-iotests/233')
| -rwxr-xr-x | tests/qemu-iotests/233 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/tests/qemu-iotests/233 b/tests/qemu-iotests/233 index 442fd1378c..55db5b3811 100755 --- a/tests/qemu-iotests/233 +++ b/tests/qemu-iotests/233 @@ -61,6 +61,8 @@ tls_x509_create_server "ca1" "server1" tls_x509_create_client "ca1" "client1" tls_x509_create_client "ca2" "client2" tls_x509_create_client "ca1" "client3" +tls_psk_create_creds "psk1" +tls_psk_create_creds "psk2" echo echo "== preparing image ==" @@ -191,6 +193,32 @@ $QEMU_IMG info --image-opts --object $obj1 \ $QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \ --tls-creds=tls0 --tls-hostname=127.0.0.1 2>&1 | _filter_qemu_nbd_exports + +echo +echo "== check TLS works over UNIX with PSK ==" +nbd_server_stop + +nbd_server_start_unix_socket \ + --object tls-creds-psk,dir=${tls_dir}/psk1,endpoint=server,id=tls0,verify-peer=on \ + --tls-creds tls0 \ + -f $IMGFMT "$TEST_IMG" 2>> "$TEST_DIR/server.log" + +obj1=tls-creds-psk,dir=${tls_dir}/psk1,username=psk1,endpoint=client,id=tls0 +$QEMU_IMG info --image-opts --object $obj1 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0 \ + 2>&1 | _filter_nbd +$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \ + --tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports + +echo +echo "== check TLS fails over UNIX with mismatch PSK ==" +obj1=tls-creds-psk,dir=${tls_dir}/psk2,username=psk2,endpoint=client,id=tls0 +$QEMU_IMG info --image-opts --object $obj1 \ + driver=nbd,path=$nbd_unix_socket,tls-creds=tls0 \ + 2>&1 | _filter_nbd +$QEMU_NBD_PROG -L -k $nbd_unix_socket --object $obj1 \ + --tls-creds=tls0 2>&1 | _filter_qemu_nbd_exports + echo echo "== final server log ==" cat "$TEST_DIR/server.log" | _filter_authz_check_tls |