From: Eric Blake <eblake@redhat.com>
To: "Daniel P. Berrangé" <berrange@redhat.com>
Cc: qemu-devel@nongnu.org,
"open list:Network Block Dev..." <qemu-block@nongnu.org>,
Tingting Mao <timao@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] nbd/client: Add hint when TLS is missing
Date: Mon, 9 Sep 2019 11:43:20 -0500 [thread overview]
Message-ID: <5a56a456-b1dc-9d15-2047-b3fde440854d@redhat.com> (raw)
In-Reply-To: <20190909091322.GA24509@redhat.com>
[-- Attachment #1.1: Type: text/plain, Size: 1744 bytes --]
On 9/9/19 4:13 AM, Daniel P. Berrangé wrote:
> On Sat, Sep 07, 2019 at 12:20:55PM -0500, Eric Blake wrote:
>> I received an off-list report of failure to connect to an NBD server
>> expecting an x509 certificate, when the client was attempting something
>> similar to this command line:
>>
>> +++ b/nbd/client.c
>> @@ -204,6 +204,7 @@ static int nbd_handle_reply_err(QIOChannel *ioc, NBDOptionReply *reply,
>> case NBD_REP_ERR_TLS_REQD:
>> error_setg(errp, "TLS negotiation required before option %" PRIu32
>> " (%s)", reply->option, nbd_opt_lookup(reply->option));
>> + error_append_hint(errp, "Did you forget a valid tls-creds?\n");
>> break;
>>
>> case NBD_REP_ERR_UNKNOWN:
>
> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Thanks. I should really learn to finish my iotest runs before posting,
because I have to squash this in before queuing through my NBD tree.
diff --git i/tests/qemu-iotests/233.out w/tests/qemu-iotests/233.out
index 24321efa113b..c3c344811b2b 100644
--- i/tests/qemu-iotests/233.out
+++ w/tests/qemu-iotests/233.out
@@ -21,8 +21,10 @@ server reported: TLS not configured
== check plain client to TLS server fails ==
qemu-img: Could not open 'nbd://localhost:PORT': TLS negotiation
required before option 7 (go)
+Did you forget a valid tls-creds?
server reported: Option 0x7 not permitted before TLS
qemu-nbd: TLS negotiation required before option 3 (list)
+Did you forget a valid tls-creds?
server reported: Option 0x3 not permitted before TLS
== check TLS works ==
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
prev parent reply other threads:[~2019-09-09 16:44 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-07 17:20 [Qemu-devel] [PATCH] nbd/client: Add hint when TLS is missing Eric Blake
2019-09-09 9:13 ` Daniel P. Berrangé
2019-09-09 16:43 ` Eric Blake [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5a56a456-b1dc-9d15-2047-b3fde440854d@redhat.com \
--to=eblake@redhat.com \
--cc=berrange@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=timao@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).