On Mon, Oct 06, 2025 at 08:01:26PM +0100, Daniel P. Berrangé wrote: > The way that premature termination was handled in TLS connections was > changed to handle an ordering problem during graceful shutdown in the > migration code. > > Unfortunately one of the codepaths returned -1 to indicate an error > condition, but failed to set the 'errp' parameter. > > This broke error handling in the qio_channel_tls_handshake function, > as the QTask callback would no longer see that an error was raised. > As a result, the client will go on to try to use the already closed > TLS connection, resulting in misleading errors. > > This was evidenced in the I/O test 233 which showed changes such as > > -qemu-nbd: Certificate does not match the hostname localhost > +qemu-nbd: Failed to read initial magic: Unable to read from socket: > Connection reset by peer > > Fixes: 7e0c22d585581b8083ffdeb332ea497218665daf > Signed-off-by: Daniel P. Berrangé <[email protected]> > --- > crypto/tlssession.c | 8 +++++--- > io/channel-tls.c | 13 +++++++------ > 2 files changed, 12 insertions(+), 9 deletions(-)
Thanks; queued in my NBD tree, since I have further patches that will further alter the output of 233 to give more details about NBD devices. Tested-by: Eric Blake <[email protected]> Reviewed-by: Eric Blake <[email protected]> -- Eric Blake, Principal Software Engineer Red Hat, Inc. Virtualization: qemu.org | libguestfs.org
