diff options
| author | Daniel P. Berrangé <berrange@redhat.com> | 2022-03-04 19:36:08 +0000 |
|---|---|---|
| committer | Eric Blake <eblake@redhat.com> | 2022-03-07 17:12:55 -0600 |
| commit | 3da93d4bc6749d56349cd16340f07ca9825996ed (patch) | |
| tree | f906608410dd7c4ea0180f623534c77e7057fb7e /tests/qemu-iotests/common.tls | |
| parent | ebc0141ba7e5d594ef9ea0efbf841e2e90edea7c (diff) | |
| download | focaccia-qemu-3da93d4bc6749d56349cd16340f07ca9825996ed.tar.gz focaccia-qemu-3da93d4bc6749d56349cd16340f07ca9825996ed.zip | |
tests/qemu-iotests: validate NBD TLS with hostname mismatch
This validates that connections to an NBD server where the certificate hostname does not match will fail. It further validates that using the new 'tls-hostname' override option can solve the failure. Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> Message-Id: <20220304193610.3293146-11-berrange@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
Diffstat (limited to 'tests/qemu-iotests/common.tls')
| -rw-r--r-- | tests/qemu-iotests/common.tls | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/tests/qemu-iotests/common.tls b/tests/qemu-iotests/common.tls index 6ba28a78d3..4a5760949d 100644 --- a/tests/qemu-iotests/common.tls +++ b/tests/qemu-iotests/common.tls @@ -118,12 +118,13 @@ tls_x509_create_server() caname=$1 name=$2 + # We don't include 'localhost' in the cert, as + # we want to keep it unlisted to let tests + # validate hostname override mkdir -p "${tls_dir}/$name" cat > "${tls_dir}/cert.info" <<EOF organization = Cthulhu Dark Lord Enterprises $name -cn = localhost -dns_name = localhost -dns_name = localhost.localdomain +cn = iotests.qemu.org ip_address = 127.0.0.1 ip_address = ::1 tls_www_server |