[Spice-devel] Spice-Client Windows + SSL Bug+fix ?

Marian Krcmarik mkrcmari at redhat.com
Tue Jun 21 10:45:45 PDT 2011


Great, Could you please possibly file a bug on https://bugs.freedesktop.org/ under Spice?

----- Original Message -----
> From: thomast at cs.tu-berlin.de
> To: "Marian Krcmarik" <mkrcmari at redhat.com>
> Cc: thomast at cs.tu-berlin.de, spice-devel at lists.freedesktop.org
> Sent: Tuesday, June 21, 2011 7:03:50 PM
> Subject: Re: [Spice-devel] Spice-Client Windows + SSL Bug+fix ?
> Hi,
> I followed http://spice-space.org/page/SSLConnection and used
> --host-subject.
> 
> I use:
> spicec -h 192.168.0.5 -s 5924 --host-subject
> C=DE,L=Berlin,O=MyTestingBench,CN=spiceserver
> 
> It Command runs with the Linuxclient without a Problem.
> On Windows it crashes as I described it. When I remove the [0] from
> (char*)&options.host_auth.host_pubkey[0] it works without an Problem.
> 
> Greetings
> Thomas Tyminski
> Berlin , Germany
> 
> > Hi,
> > after quick look and user's perspective, Did you specify
> > --host-subject on
> > the client side?
> > It would give you an error If you do not.
> >
> > ----- Original Message -----
> >> From: thomast at cs.tu-berlin.de
> >> To: spice-devel at lists.freedesktop.org
> >> Sent: Tuesday, June 21, 2011 12:50:04 PM
> >> Subject: [Spice-devel] Spice-Client Windows + SSL Bug+fix ?
> >> Hi,
> >> I tried to use SSL with the Windowsclient.
> >>
> >> When I use the old one (from
> >> http://spice-space.org/download/binaries/spice-client-win32-0.6.3.zip):
> >>
> >> 1308268882 INFO [11344:8892] Platform::set_clipboard_owner: new
> >> clipboard
> >> owner: none
> >> 1308268882 INFO [11344:8892] PlatformWinProc: Unsupported clipboard
> >> format
> >> 1308268882 INFO [11344:8892] Application::main: starting 0.5.0.0
> >> 1308268882 INFO [11344:8892] GUI::GUI:
> >> 1308268883 INFO [11344:8892] ForeignMenu::ForeignMenu: Creating a
> >> foreign
> >> menu connection SpiceForeignMenu-11344
> >> 1308268883 INFO [11344:10072] RedPeer::connect_unsecure: Trying
> >> 192.169.0.5 5924
> >> 1308268883 INFO [11344:10072] RedPeer::connect_unsecure: Connected
> >> to
> >> 192.169.0.5 5924
> >> 1308268884 WARN [11344:10072] RedPeer::connect_secure: failed to
> >> connect
> >> w/SSL, ssl_error error:00000001:lib(0):func(0):reason(1)
> >> 1308268884 WARN [11344:10072] RedChannel::run: SSL Error:
> >> 1308268884 INFO [11344:8892] WinMain: Spice client terminated
> >> (exitcode = 7)
> >>
> >> in the spicec.log.
> >>
> >> The Server says:
> >> reds_handle_ssl_accept: SSL_accept failed, error=1
> >>
> >> So I tried to compile it by myself.
> >> Spice 0.8.1 won't compile but the current master branch.
> >>
> >> Debug spicec.exe gives me an Assertion Runtimeerror:
> >> "vector subscript out of range".
> >>
> >> Server says on that:
> >> reds_handle_ssl_accept: SSL_accept failed, error=5
> >>
> >> The Runtimeerror is triggered inside the Methode "connect_secure"
> >> of
> >> the
> >> class "RedPeer".
> >> Concretely Line 184 fw.
> >> "verify = spice_openssl_verify_new(
> >> _ssl, auth_flags,
> >> host,
> >> (char*)&options.host_auth.host_pubkey[0],
> >> options.host_auth.host_pubkey.size(),
> >> options.host_auth.host_subject.c_str());"
> >> seems to be the Problem.
> >> Changing Line 187 to
> >> "(char*)&options.host_auth.host_pubkey" fixes that Problem and I
> >> can
> >> run
> >> the Client with SSL.
> >>
> >> Btw. the variable vertify is never used (expect of freeing it) and
> >> options.host_auth.host_pubkey is empty/NULL, shouldn't it contain
> >> the
> >> data
> >> from spice_truststore.pem)?
> >>
> >> Greetings
> >> Thomas Tyminski
> >> Berlin , Germany
> >>
> >> =================
> >> P.S:
> >> If you already received this E-Mail, I am sorry for that.
> >>
> >> _______________________________________________
> >> Spice-devel mailing list
> >> Spice-devel at lists.freedesktop.org
> >> http://lists.freedesktop.org/mailman/listinfo/spice-devel
> >


More information about the Spice-devel mailing list