Re: [PULL 10/11] crypto: push error reporting into TLS session I/O APIs
From: Markus Armbruster
Subject: Re: [PULL 10/11] crypto: push error reporting into TLS session I/O APIs
Date: Tue, 27 Aug 2024 09:05:04 +0200
User-agent: Gnus/5.13 (Gnus v5.13)

Daniel P. Berrangé <berrange@redhat.com> writes:
> On Mon, Aug 12, 2024 at 05:38:41PM +0200, Thomas Huth wrote:
>> On 24/07/2024 11.47, Daniel P. Berrangé wrote:
>> > The current TLS session I/O APIs just return a synthetic errno
>> > value on error, which has been translated from a gnutls error
>> > value. This loses a large amount of valuable information that
>> > distinguishes different scenarios.
>> >
>> > Pushing population of the "Error *errp" object into the TLS
>> > session I/O APIs gives more detailed error information.
>> >
>> > Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
>> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
>> > ---
>>
>> Hi Daniel!
>>
>> iotest 233 is failing for me with -raw now, and bisection
>> points to this commit. Output is:
>>
>> --- .../qemu/tests/qemu-iotests/233.out
>> +++ /tmp/qemu/tests/qemu-iotests/scratch/raw-file-233/233.out.bad
>> @@ -69,8 +69,8 @@
>> 1 MiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
>>
>> == check TLS with authorization ==
>> -qemu-img: Could not open
>> 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option
>> reply: Cannot read from TLS channel: Software caused connection abort
>> -qemu-img: Could not open
>> 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option
>> reply: Cannot read from TLS channel: Software caused connection abort
>> +qemu-img: Could not open
>> 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option
>> reply: Cannot read from TLS channel: The TLS connection was non-properly
>> terminated.
>> +qemu-img: Could not open
>> 'driver=nbd,host=127.0.0.1,port=PORT,tls-creds=tls0': Failed to read option
>> reply: Cannot read from TLS channel: The TLS connection was non-properly
>> terminated.
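
Review bot: the reference output in 233.out was not updated together with the code change, so both `-` lines under "== check TLS with authorization ==" still expect "Software caused connection abort" while the test now prints "The TLS connection was non-properly terminated." Update 233.out in the same series. The text after "Cannot read from TLS channel:" is now the gnutls message rather than a fixed errno string, so consider filtering that suffix in the test to keep the reference output independent of the library's wording.
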
>
> This is an expected change. Previously we squashed the real GNUTLS error
> into ECONNABORTED:
>
> - case GNUTLS_E_PREMATURE_TERMINATION:
> - errno = ECONNABORTED;
> - break;
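
Review bot: dropping the `GNUTLS_E_PREMATURE_TERMINATION` case changes user-visible error text, and the commit message does not mention it. With `errno = ECONNABORTED` gone, anything that matched the old "Software caused connection abort" string, such as test reference output, stops matching; state this in the commit message and check whether any caller still tests for ECONNABORTED.
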
>
>
> now we report the original gnutls root cause.
>
> IOW, we need to update the expected output files.
Has this been done?