Re: [Qemu-devel] Error when attempting to perform TLS NBD connection

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Daniel P. Berrange" <berrange@redhat.com>
To: Alex Bligh <alex@alex.org.uk>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] Error when attempting to perform TLS NBD connection
Date: Wed, 6 Apr 2016 12:13:35 +0100	[thread overview]
Message-ID: <20160406111335.GJ23124@redhat.com> (raw)
In-Reply-To: <DD1C954E-0ACA-420B-93B7-04456BB1678A@alex.org.uk>

On Tue, Apr 05, 2016 at 09:01:10PM +0100, Alex Bligh wrote:
> When I attempt to connect via TLS like this (using today's qemu master):
> 
>    ./qemu-img info --object tls-creds-x509,id=tls0,dir=../certs,endpoint=client --image-opts driver=nbd,host=127.0.0.1,port=6666,export=foo,tls-creds=tls0
> 
> (command line from Daniel over IRC)
> 
> I get the rather opaque error:
> 
>    qemu-img: Unable to initialize certificate
> 
> and with the patch I sent through I get the not much less opaque error:
> 
>    qemu-img: Unable to initialize certificate: ASN1 parser: Element was not found.
> 
> gdb indicates this is crypto/tlscredsx509.c:399 where gnutls_x509_crt_init(&cert) fails.

So the problem turned out to be that the qemu-img program failed to
call qcrypto_init(), so gnutls had not had its one-time initialization
performed. This doesn't matter for gnutls 3.x but does for anything
older than that. I just copied you on a patch to fix this.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

next prev parent reply	other threads:[~2016-04-06 11:13 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-04-05 20:01 [Qemu-devel] Error when attempting to perform TLS NBD connection Alex Bligh
2016-04-06  9:09 ` Daniel P. Berrange
2016-04-06  9:11   ` Daniel P. Berrange
2016-04-06  9:22     ` Alex Bligh
2016-04-06  9:27       ` Daniel P. Berrange
2016-04-06  9:17   ` Alex Bligh
2016-04-06 11:13 ` Daniel P. Berrange [this message]
2016-04-06 11:40   ` Alex Bligh
2016-04-06 12:18     ` Daniel P. Berrange

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160406111335.GJ23124@redhat.com \
    --to=berrange@redhat.com \
    --cc=alex@alex.org.uk \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.