On Tue, Apr 26, 2022 at 05:00:47PM +0100, Daniel P. Berrangé wrote:
> This validates that we correctly handle multifd migration success
> and failure scenarios when using TLS with x509 certificates. There
> are quite a few different scenarios that matter in relation to
> hostname validation, but we skip a couple as we can assume that
> the non-multifd coverage applies to some extent.
>
> Signed-off-by: Daniel P. Berrangé <[email protected]>
> ---
> tests/qtest/migration-test.c | 127 +++++++++++++++++++++++++++++++++++
> 1 file changed, 127 insertions(+)
>
> +
> +static void test_multifd_tcp_tls_x509_mismatch_host(void)
> +{
> + /*
> + * This has different behaviour to the non-multifd case.
> + *
> + * In non-multifd case when client aborts due to mismatched
> + * cert host, the server has already started trying to load
> + * migration state, and so it exits with I/O failure.
odd double space
> + *
> + * In multifd case when client aborts due to mismatched
> + * cert host, the server is still waiting for the other
> + * multifd connections to arrive so hasn't started trying
> + * to load migration state, and thus just aborts the migration
> + * without exiting
Worth a trailing .
> + */
> + MigrateCommon args = {
> + .start = {
> + .hide_stderr = true,
> + },
> + .listen_uri = "defer",
> + .start_hook = test_migrate_multifd_tls_x509_start_mismatch_host,
> + .finish_hook = test_migrate_tls_x509_finish,
> + .result = MIG_TEST_FAIL,
> + };
> + test_precopy_common(&args);
> +}
Definitely a good example of why this was worth testing, and the
comment explains why the difference in observed failure scenarios is
good.
Comment fixes are trivial, so
Reviewed-by: Eric Blake <[email protected]>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
