This neutral refactoring adds -DTLS_MODE. A future commit can change
the requested TLS mode; this commit does not.
It also checks that nbd_get_tls_negotiated returns true after
connecting, when the requested mode was set to LIBNBD_TLS_REQUIRE.
---
interop/Makefile.am | 4 ++++
interop/interop.c | 26 ++++++++++++++++++++------
2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/interop/Makefile.am b/interop/Makefile.am
index 9cb8071..8a5b787 100644
--- a/interop/Makefile.am
+++ b/interop/Makefile.am
@@ -100,6 +100,7 @@ interop_qemu_nbd_tls_certs_CPPFLAGS = \
-DSERVER_PARAMS='"--object",
"tls-creds-x509,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests/pki",
"--tls-creds", "tls0", "-f", "raw",
"-x", "/", "-p", port_str, tmpfile' \
-DEXPORT_NAME='"/"' \
-DCERTS=1 \
+ -DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
interop_qemu_nbd_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
interop_qemu_nbd_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
@@ -113,6 +114,7 @@ interop_qemu_nbd_tls_psk_CPPFLAGS = \
-DSERVER_PARAMS='"--object",
"tls-creds-psk,id=tls0,endpoint=server,dir=$(abs_top_builddir)/tests",
"--tls-creds", "tls0", "-f", "raw",
"-x", "/", "-p", port_str, tmpfile' \
-DEXPORT_NAME='"/"' \
-DPSK=1 \
+ -DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
interop_qemu_nbd_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
interop_qemu_nbd_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
@@ -173,6 +175,7 @@ interop_nbdkit_tls_certs_CPPFLAGS = \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=require",
"--tls-certificates=../tests/pki", "-s",
"--exit-with-parent", "file", tmpfile' \
-DCERTS=1 \
+ -DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
interop_nbdkit_tls_certs_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_certs_LDADD = $(top_builddir)/lib/libnbd.la
@@ -183,6 +186,7 @@ interop_nbdkit_tls_psk_CPPFLAGS = \
-DSERVER=\"$(NBDKIT)\" \
-DSERVER_PARAMS='"--tls=require", "--tls-psk=../tests/keys.psk",
"-s", "--exit-with-parent", "file", tmpfile' \
-DPSK=1 \
+ -DTLS_MODE=LIBNBD_TLS_REQUIRE \
$(NULL)
interop_nbdkit_tls_psk_CFLAGS = $(WARNINGS_CFLAGS)
interop_nbdkit_tls_psk_LDADD = $(top_builddir)/lib/libnbd.la
diff --git a/interop/interop.c b/interop/interop.c
index 0b7b1a5..2772721 100644
--- a/interop/interop.c
+++ b/interop/interop.c
@@ -35,6 +35,13 @@
#define SIZE (1024*1024)
+#if CERTS || PSK
+#define TLS 1
+#ifndef TLS_MODE
+#error "TLS_MODE must be defined when using CERTS || PSK"
+#endif
+#endif
+
int
main (int argc, char *argv[])
{
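Review bot: `TLS` is defined only when CERTS or PSK is set, so the later `#if TLS` and `#if !TLS` tests rely on an undefined macro evaluating to 0, which warns under `-Wundef` and hides a misspelt name. Adding an explicit fallback, `#else` / `#define TLS 0` / `#endif`, to the outer conditional would make both states visible. The `#error` guard checks only that TLS_MODE is defined, not that it is one of the LIBNBD_TLS_* values, so a one-line comment naming the accepted values would help whoever adds the next test. The name `TLS` is also very generic for a file-scope macro; something like `USE_TLS` is less likely to collide with a header.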
@@ -73,15 +80,12 @@ main (int argc, char *argv[])
}
#endif
-#if CERTS || PSK
- /* Require TLS on the handle and fail if not available or if the
- * handshake fails.
- */
+#if TLS
if (nbd_supports_tls (nbd) != 1) {
fprintf (stderr, "skip: compiled without TLS support\n");
exit (77);
}
- if (nbd_set_tls (nbd, LIBNBD_TLS_REQUIRE) == -1) {
+ if (nbd_set_tls (nbd, TLS_MODE) == -1) {
fprintf (stderr, "%s\n", nbd_get_error ());
exit (EXIT_FAILURE);
}
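Review bot: The comment explaining the `nbd_set_tls` call is deleted here and nothing replaces it, although the call is now parameterised and less self-explanatory than before. I would keep a comment above `#if TLS`, for example `/* Request TLS_MODE on the handle; with LIBNBD_TLS_REQUIRE the connection fails if TLS is not available or the handshake fails. */`. That wording carries over what the removed comment stated, and makes clear that the fail-closed behaviour is tied to the REQUIRE mode rather than to every value TLS_MODE could take. main's body starts and ends outside this hunk.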
@@ -142,6 +146,16 @@ main (int argc, char *argv[])
#endif
+#if TLS
+ if (TLS_MODE == LIBNBD_TLS_REQUIRE &&
+ nbd_get_tls_negotiated (nbd) != 1) {
+ fprintf (stderr,
+ "%s: TLS required, but not negotiated on the connection\n",
+ argv[0]);
+ goto out;
+ }
+#endif
+
actual_size = nbd_get_size (nbd);
if (actual_size == -1) {
fprintf (stderr, "%s\n", nbd_get_error ());
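Review bot: The new `nbd_get_tls_negotiated (nbd) != 1` check treats an API error (-1) the same as "not negotiated" (0), so the cause held in `nbd_get_error ()` is never printed; consider testing for -1 first and reporting the error as the other calls in this function do. The failure path uses `goto out`, while the neighbouring checks visible in this patch call `exit (EXIT_FAILURE)`; the `out` label is outside the hunk, so confirm it exists and leaves a non-zero exit status, otherwise a connection without TLS would let the test pass. The check is also limited to `LIBNBD_TLS_REQUIRE`, so if a later commit sets another TLS_MODE nothing asserts the negotiated state; a short comment saying so above the `#if TLS` would help. main's body starts and ends outside the hunk.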
@@ -160,7 +174,7 @@ main (int argc, char *argv[])
/* XXX In future test more operations here. */
-#if !CERTS && !PSK
+#if !TLS
/* XXX qemu doesn't shut down the connection nicely (using
* gnutls_bye) and because of this the following call will fail
* with:
--
2.23.0