file: Add an internal "mode"
[nbdkit.git] / tests / test-tls.sh
blobb850ef04acbc1697db8cadba3a59d4e7c5c7aeae
1 #!/usr/bin/env bash
2 # nbdkit
3 # Copyright (C) 2017 Red Hat Inc.
5 # Redistribution and use in source and binary forms, with or without
6 # modification, are permitted provided that the following conditions are
7 # met:
9 # * Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
12 # * Redistributions in binary form must reproduce the above copyright
13 # notice, this list of conditions and the following disclaimer in the
14 # documentation and/or other materials provided with the distribution.
16 # * Neither the name of Red Hat nor the names of its contributors may be
17 # used to endorse or promote products derived from this software without
18 # specific prior written permission.
20 # THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND
21 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 # PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR
24 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
27 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
28 # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
29 # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
30 # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 # SUCH DAMAGE.
33 source ./functions.sh
34 set -e
35 set -x
37 requires qemu-img --version
39 if ! qemu-img --help | grep -- --object; then
40 echo "$0: 'qemu-img' command does not have the --object option"
41 exit 77
44 # Does the nbdkit binary support TLS?
45 if ! nbdkit --dump-config | grep -sq tls=yes; then
46 echo "$0: nbdkit built without TLS support"
47 exit 77
50 # RHEL 7 GnuTLS did not support --tls-verify-peer.
51 requires nbdkit --tls-verify-peer -U - null --run 'exit 0'
53 # Did we create the PKI files?
54 # Probably 'certtool' is missing.
55 pkidir="$PWD/pki"
56 if [ ! -f "$pkidir/ca-cert.pem" ]; then
57 echo "$0: PKI files were not created by the test harness"
58 exit 77
61 # Unfortunately qemu 4.0 cannot do TLS over a Unix domain socket (nbdkit
62 # can, but that is tested in tests-nbd-tls.sh). Find an unused port to
63 # listen on.
64 pick_unused_port
66 cleanup_fn rm -f tls.pid tls.out
67 start_nbdkit -P tls.pid -p $port -n \
68 --tls=require --tls-certificates="$pkidir" --tls-verify-peer \
69 -D nbdkit.tls.session=1 \
70 example1
72 # Run qemu-img against the server.
73 qemu-img info --output=json \
74 --object "tls-creds-x509,id=tls0,endpoint=client,dir=$pkidir" \
75 --image-opts "file.driver=nbd,file.host=localhost,file.port=$port,file.tls-creds=tls0" > tls.out
77 cat tls.out
79 grep -sq '"format": *"raw"' tls.out
80 grep -sq '"virtual-size": *104857600\b' tls.out