Skip to content

Instantly share code, notes, and snippets.

@abligh

abligh/qemu-certs

Created April 6, 2016 14:32
Show Gist options
  • Save abligh/655146b9abcff699936e98d4931003f2 to your computer and use it in GitHub Desktop.
Save abligh/655146b9abcff699936e98d4931003f2 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
qemu-certs
$ ./qemu-img info --object tls-creds-x509,id=tls0,dir=../certs,endpoint=client,verify-peer=yes --image-opts driver=nbd,host=127.0.0.1,port=6666,export=foo,tls-creds=tls0
2: ASSERT: x509.c:2987
2: ASSERT: mpi.c:609
2: ASSERT: dn.c:1209
4: REC[0x7f3627870630]: Allocating epoch #0
2: ASSERT: gnutls_constate.c:695
4: REC[0x7f3627870630]: Allocating epoch #1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_ARCFOUR_SHA1
3: HSK[0x7f3627870630]: Keeping ciphersuite: RSA_ARCFOUR_MD5
2: EXT[0x7f3627870630]: Sending extension SAFE RENEGOTIATION (1 bytes)
2: EXT[SIGA]: sent signature algo (4.2) DSA-SHA256
2: EXT[SIGA]: sent signature algo (4.1) RSA-SHA256
2: EXT[SIGA]: sent signature algo (2.1) RSA-SHA1
2: EXT[SIGA]: sent signature algo (2.2) DSA-SHA1
2: EXT[0x7f3627870630]: Sending extension SIGNATURE ALGORITHMS (10 bytes)
3: HSK[0x7f3627870630]: CLIENT HELLO was sent [112 bytes]
6: BUF[HSK]: Inserted 112 bytes of Data
7: HWRITE: enqueued 112. Total 112 bytes.
7: HWRITE FLUSH: 112 bytes in buffer.
4: REC[0x7f3627870630]: Sending Packet[0] Handshake(22) with length: 112
7: WRITE: enqueued 117 bytes for 0x7f362787a450. Total 117 bytes.
4: REC[0x7f3627870630]: Sent Packet[1] Handshake(22) with length: 117
7: HWRITE: wrote 112 bytes, 0 bytes left.
7: WRITE FLUSH: 117 bytes in buffer.
7: WRITE: wrote 117 bytes, 0 bytes left.
7: READ: Got 5 bytes from 0x7f362787a450
7: READ: read 5 bytes from 0x7f362787a450
7: RB: Have 0 bytes into buffer. Adding 5 bytes.
7: RB: Requested 5 bytes
4: REC[0x7f3627870630]: Expected Packet[0] Handshake(22) with length: 1
4: REC[0x7f3627870630]: Received Packet[0] Handshake(22) with length: 49
7: READ: Got 49 bytes from 0x7f362787a450
7: READ: read 49 bytes from 0x7f362787a450
7: RB: Have 5 bytes into buffer. Adding 49 bytes.
7: RB: Requested 54 bytes
4: REC[0x7f3627870630]: Decrypted Packet[0] Handshake(22) with length: 49
6: BUF[HSK]: Inserted 49 bytes of Data(22)
6: BUF[REC][HD]: Read 1 bytes of Data(22)
6: BUF[REC][HD]: Read 3 bytes of Data(22)
3: HSK[0x7f3627870630]: SERVER HELLO was received [49 bytes]
6: BUF[REC][HD]: Read 45 bytes of Data(22)
6: BUF[HSK]: Inserted 4 bytes of Data
6: BUF[HSK]: Inserted 45 bytes of Data
3: HSK[0x7f3627870630]: Server's version: 3.3
3: HSK[0x7f3627870630]: SessionID length: 0
3: HSK[0x7f3627870630]: SessionID: 00
3: HSK[0x7f3627870630]: Selected cipher suite: RSA_AES_128_CBC_SHA1
2: EXT[0x7f3627870630]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
3: HSK[0x7f3627870630]: Safe renegotiation succeeded
7: READ: Got 5 bytes from 0x7f362787a450
7: READ: read 5 bytes from 0x7f362787a450
7: RB: Have 0 bytes into buffer. Adding 5 bytes.
7: RB: Requested 5 bytes
4: REC[0x7f3627870630]: Expected Packet[1] Handshake(22) with length: 1
4: REC[0x7f3627870630]: Received Packet[1] Handshake(22) with length: 944
7: READ: Got 944 bytes from 0x7f362787a450
7: READ: read 944 bytes from 0x7f362787a450
7: RB: Have 5 bytes into buffer. Adding 944 bytes.
7: RB: Requested 949 bytes
4: REC[0x7f3627870630]: Decrypted Packet[1] Handshake(22) with length: 944
6: BUF[HSK]: Inserted 944 bytes of Data(22)
6: BUF[REC][HD]: Read 1 bytes of Data(22)
6: BUF[REC][HD]: Read 3 bytes of Data(22)
3: HSK[0x7f3627870630]: CERTIFICATE was received [944 bytes]
6: BUF[REC][HD]: Read 940 bytes of Data(22)
6: BUF[HSK]: Peeked 161 bytes of Data
6: BUF[HSK]: Emptied buffer
6: BUF[HSK]: Inserted 4 bytes of Data
6: BUF[HSK]: Inserted 940 bytes of Data
7: READ: Got 5 bytes from 0x7f362787a450
7: READ: read 5 bytes from 0x7f362787a450
7: RB: Have 0 bytes into buffer. Adding 5 bytes.
7: RB: Requested 5 bytes
4: REC[0x7f3627870630]: Expected Packet[2] Handshake(22) with length: 1
4: REC[0x7f3627870630]: Received Packet[2] Handshake(22) with length: 23
7: READ: Got 23 bytes from 0x7f362787a450
7: READ: read 23 bytes from 0x7f362787a450
7: RB: Have 5 bytes into buffer. Adding 23 bytes.
7: RB: Requested 28 bytes
4: REC[0x7f3627870630]: Decrypted Packet[2] Handshake(22) with length: 23
6: BUF[HSK]: Inserted 23 bytes of Data(22)
6: BUF[REC][HD]: Read 1 bytes of Data(22)
6: BUF[REC][HD]: Read 3 bytes of Data(22)
3: HSK[0x7f3627870630]: CERTIFICATE REQUEST was received [23 bytes]
6: BUF[REC][HD]: Read 19 bytes of Data(22)
6: BUF[HSK]: Peeked 944 bytes of Data
6: BUF[HSK]: Emptied buffer
6: BUF[HSK]: Inserted 4 bytes of Data
6: BUF[HSK]: Inserted 19 bytes of Data
2: EXT[SIGA]: rcvd signature algo (4.1) RSA-SHA256
2: EXT[SIGA]: rcvd signature algo (4.3) GOST R 34.10-94
2: EXT[SIGA]: rcvd signature algo (5.1) RSA-SHA384
2: EXT[SIGA]: rcvd signature algo (5.3) GOST R 34.10-94
2: EXT[SIGA]: rcvd signature algo (2.1) RSA-SHA1
2: EXT[SIGA]: rcvd signature algo (2.3) GOST R 34.10-94
2: ASSERT: auth_cert.c:237
7: READ: Got 5 bytes from 0x7f362787a450
7: READ: read 5 bytes from 0x7f362787a450
7: RB: Have 0 bytes into buffer. Adding 5 bytes.
7: RB: Requested 5 bytes
4: REC[0x7f3627870630]: Expected Packet[3] Handshake(22) with length: 1
4: REC[0x7f3627870630]: Received Packet[3] Handshake(22) with length: 4
7: READ: Got 4 bytes from 0x7f362787a450
7: READ: read 4 bytes from 0x7f362787a450
7: RB: Have 5 bytes into buffer. Adding 4 bytes.
7: RB: Requested 9 bytes
4: REC[0x7f3627870630]: Decrypted Packet[3] Handshake(22) with length: 4
6: BUF[HSK]: Inserted 4 bytes of Data(22)
6: BUF[REC][HD]: Read 1 bytes of Data(22)
6: BUF[REC][HD]: Read 3 bytes of Data(22)
3: HSK[0x7f3627870630]: SERVER HELLO DONE was received [4 bytes]
6: BUF[HSK]: Peeked 23 bytes of Data
6: BUF[HSK]: Emptied buffer
6: BUF[HSK]: Inserted 4 bytes of Data
3: HSK[0x7f3627870630]: CERTIFICATE was sent [7 bytes]
6: BUF[HSK]: Peeked 4 bytes of Data
6: BUF[HSK]: Emptied buffer
7: HWRITE: enqueued 7. Total 7 bytes.
3: HSK[0x7f3627870630]: CLIENT KEY EXCHANGE was sent [310 bytes]
6: BUF[HSK]: Peeked 0 bytes of Data
6: BUF[HSK]: Emptied buffer
7: HWRITE: enqueued 310. Total 317 bytes.
7: HWRITE FLUSH: 317 bytes in buffer.
4: REC[0x7f3627870630]: Sending Packet[1] Handshake(22) with length: 7
7: WRITE: enqueued 12 bytes for 0x7f362787a450. Total 12 bytes.
4: REC[0x7f3627870630]: Sent Packet[2] Handshake(22) with length: 12
7: HWRITE: wrote 7 bytes, 310 bytes left.
4: REC[0x7f3627870630]: Sending Packet[2] Handshake(22) with length: 310
7: WRITE: enqueued 315 bytes for 0x7f362787a450. Total 327 bytes.
4: REC[0x7f3627870630]: Sent Packet[3] Handshake(22) with length: 315
7: HWRITE: wrote 310 bytes, 0 bytes left.
7: WRITE FLUSH: 327 bytes in buffer.
7: WRITE: wrote 327 bytes, 0 bytes left.
3: REC[0x7f3627870630]: Sent ChangeCipherSpec
4: REC[0x7f3627870630]: Sending Packet[3] Change Cipher Spec(20) with length: 1
7: WRITE: enqueued 6 bytes for 0x7f362787a450. Total 6 bytes.
7: WRITE FLUSH: 6 bytes in buffer.
7: WRITE: wrote 6 bytes, 0 bytes left.
4: REC[0x7f3627870630]: Sent Packet[4] Change Cipher Spec(20) with length: 6
9: INT: PREMASTER SECRET[48]: 03035c69de7470d8e0ee2bee42bd48278235b7c7338414f18fb3ca8e9e5828cda65af274907c897a6ee08c0c2edf91be
9: INT: CLIENT RANDOM[32]: 57051d6eb07ab67ef883af21b5cb1271136e9cf619c3a5ae9a2091e1765e3b38
9: INT: SERVER RANDOM[32]: d3369f105a28e0610fa8188e9cb1a813156d9285f34c4a774afc8b6e21cc655b
9: INT: MASTER SECRET: 1e3d52138b1532dd0247f9a45ce01399573557e54357ebd3748883ffb7e4d2ade18398eb63fb1d912f991fe9a2c72fff
4: REC[0x7f3627870630]: Initializing epoch #1
9: INT: KEY BLOCK[104]: d32b4c874f1e8db72aab2751e990783b156da548b949e22441f41be0167531a7
9: INT: CLIENT WRITE KEY [16]: 7b8d1de1ec5118f42545c5b5d4c4f8d8
9: INT: SERVER WRITE KEY [16]: 6f5d50e264a862b78d3d0a5417e314df
4: REC[0x7f3627870630]: Epoch #1 ready
3: HSK[0x7f3627870630]: Cipher Suite: RSA_AES_128_CBC_SHA1
3: HSK[0x7f3627870630]: Initializing internal [write] cipher sessions
4: REC[0x7f3627870630]: Start of epoch cleanup
4: REC[0x7f3627870630]: End of epoch cleanup
6: BUF[HSK]: Peeked 0 bytes of Data
6: BUF[HSK]: Emptied buffer
3: HSK[0x7f3627870630]: recording tls-unique CB (send)
3: HSK[0x7f3627870630]: FINISHED was sent [16 bytes]
6: BUF[HSK]: Peeked 0 bytes of Data
6: BUF[HSK]: Emptied buffer
7: HWRITE: enqueued 16. Total 16 bytes.
7: HWRITE FLUSH: 16 bytes in buffer.
4: REC[0x7f3627870630]: Sending Packet[0] Handshake(22) with length: 16
7: WRITE: enqueued 133 bytes for 0x7f362787a450. Total 133 bytes.
4: REC[0x7f3627870630]: Sent Packet[1] Handshake(22) with length: 133
7: HWRITE: wrote 16 bytes, 0 bytes left.
7: WRITE FLUSH: 133 bytes in buffer.
7: WRITE: wrote 133 bytes, 0 bytes left.
2: ASSERT: ext_session_ticket.c:710
7: READ: Got 5 bytes from 0x7f362787a450
7: READ: read 5 bytes from 0x7f362787a450
7: RB: Have 0 bytes into buffer. Adding 5 bytes.
7: RB: Requested 5 bytes
4: REC[0x7f3627870630]: Expected Packet[4] Change Cipher Spec(20) with length: 1
4: REC[0x7f3627870630]: Received Packet[4] Alert(21) with length: 2
7: READ: Got 2 bytes from 0x7f362787a450
7: READ: read 2 bytes from 0x7f362787a450
7: RB: Have 5 bytes into buffer. Adding 2 bytes.
7: RB: Requested 7 bytes
4: REC[0x7f3627870630]: Decrypted Packet[4] Alert(21) with length: 2
4: REC[0x7f3627870630]: Alert[2|42] - Certificate is bad - was received
2: ASSERT: gnutls_record.c:726
2: ASSERT: gnutls_record.c:1122
2: ASSERT: gnutls_handshake.c:2933
2: ASSERT: gnutls_handshake.c:3139
6: BUF[HSK]: Cleared Data from buffer
6: BUF[HSK]: Cleared Data from buffer
4: REC[0x7f3627870630]: Epoch #0 freed
4: REC[0x7f3627870630]: Epoch #1 freed
qemu-img: Could not open 'driver=nbd,host=127.0.0.1,port=6666,export=foo,tls-creds=tls0'TLS handshake failed: A TLS fatal alert has been received.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment