[Spice-devel] [attila.sukosd at gmail.com: Re: help!secure port for spice]

Wed Nov 3 08:34:21 PDT 2010

Date: Wed, 3 Nov 2010 15:37:45 +0100
From: Attila Sukosd <attila.sukosd at gmail.com>
To: Alon Levy <alevy at redhat.com>
Subject: Re: [Spice-devel] help!secure port for spice

On Wed, Nov 3, 2010 at 3:33 PM, Alon Levy <alevy at redhat.com> wrote:

> On Wed, Nov 03, 2010 at 03:17:42PM +0100, Attila Sukosd wrote:
> > On Wed, Nov 3, 2010 at 1:32 PM, Alon Levy <alevy at redhat.com> wrote:
> >
> > > On Wed, Nov 03, 2010 at 01:20:51PM +0100, Attila Sukosd wrote:
> > > > On Wed, Nov 3, 2010 at 7:57 AM, Alon Levy <alevy at redhat.com> wrote:
> > > >
> > > > > On Wed, Nov 03, 2010 at 11:09:39AM +0800, Danica wrote:
> > > > > > hi,guys
> > > > > >
> > > > > >      I'm new for spice.I met some troubles when I was working on
> the
> > > > > secure
> > > > > > port for spice through SSL.
> > > > > >
> > > > > >      I have already read the page on spice-space about the
> > > > > SSLConection.But
> > > > > > I still can't fix the issues.
> > > > > > I ran the script and got the certificance.When I start the spicec
> > > with
> > > > > > it,spicec said it is bad format,
> > > > > > and something is missing.And it can't get the cert information
> from
> > > the
> > > > > > server-key.I really can't figure out why it is.
> > > > >
> > > > > What are the commands you ran? what error did you get? I've
> recently
> > > > > updated the SSLConnection page, maybe you tried an older version of
> it?
> > > > > Specifically do you provice a a--subject-host
> <server-cert-subject>?
> > > and do
> > > > > you use a server key with or without passphrase (both can work, but
> for
> > > the
> > > > > later you need to supply a x509-key-password switch when giving the
> > > spice
> > > > > parameters to qemu).
> > > > >
> > > > > Any output from the failed server and client would also help.
> > > > >
> > > > > Alon
> > > > >
> > > > >
> > > > Hi,
> > > >
> > > > Sorry for hijacking this, but I actually have a related question:
> > > > With RHEV where do I get the .pem file to be used with spicec?
> > > Isn't it installed with the xpi by the frontend? Is there some RHEV
> mailing
> > > list? they should have a better idea.
> > >
> > > I'm trying to using with with a vanilla spice client and some custom
> python
> > script using the rhevm-api to create a loginless kiosk thinclient.
> >
>
> any reason you've taken this off list? anyway, to answer your question, in
> this case why do you care about rhevm? spicec just looks at the
> aformentioned windows path, so simply get the certificate there. I am not
> familiar with the rhevm-api, but I don't get what you are using it for - if
> you just want to launch spicec, and you are launching qemu on your own, then
> no need for rhevm, no? if you are launching qemu through rhevm then I can
> understand. Is that the case?
>
> Sorry, you replied to me directly, so I thought you wanted to take it off
the list.
Yes, we are launching qemu through rhevm. The python script contacts the
rhev manager to get a ticket, and launches spicec with the correct
parameters to connect to the right server with the ticket. However since we
haven't figured out where the ssl files come from, we have only been using
unencrypted channels so far, but in a production setup this is of course not
ideal.

> >
> > > >
> > > > Best Regards,
> > > >
> > > > Attila
> > > >
> > > >
> > > >
> > > > > >
> > > > > >     I appreciate for your help!Thanks!
> > > > > >
> > > > > > Regards,
> > > > > >
> > > > > > Danica
> > > > >
> > > > > > _______________________________________________
> > > > > > Spice-devel mailing list
> > > > > > Spice-devel at lists.freedesktop.org
> > > > > > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> > > > >
> > > > > _______________________________________________
> > > > > Spice-devel mailing list
> > > > > Spice-devel at lists.freedesktop.org
> > > > > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> > > > >
> > >
>

----- End forwarded message -----