[Spice-devel] SSL connect problem

David Jaša djasa at redhat.com
Fri Mar 23 03:37:47 PDT 2012 

Anthony James píše v Pá 23. 03. 2012 v 06:26 -0400:
> David,
> 
> Thanks for the reply.  I've tried adding --ca-file to the spicec
> command line but still receive the same error.  Here is the command:
> 
> spicec -h localhost -p $PORT -s $SPORT --secure-channels all
> --host-subject "$HOSTSUBJECT" --ca-file ca-cert.pem -w $PASSWD
> 
> Same error:
> 
> Error: failed to connect w/SSL, ssl_error
> error:00000001:lib(0):func(0):reason(1)
> 140613653984512:error:14090086:SSL
> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> failed:s3_clnt.c:1063:
> Warning: SSL Error:

Hi Anthony,

try several times. It's a known bug in spicec that when you're
connecting manually, the connection fails several times before it is
established. Actually it's more frequent if you specify --secure
channels all or if you omit -p altogether (both have the same effect).

David
> 
> On Fri, Mar 23, 2012 at 6:06 AM, David Jaša <djasa at redhat.com> wrote:
>         Hi Anthony,
>         
>         Anthony James píše v Čt 22. 03. 2012 v 15:40 -0400:
>         > I'm having problems connecting to a spice virtual machine
>         using SSL.
>         >  I use the following command to connect:
>         >
>         >
>         > spicec -h localhost -p $PORT -s $SPORT --secure-channels all
>         > --host-subject "$HOSTSUBJECT" -w $PASSWD
>         >
>         
>         You're missing --ca-file $CA_CERTIFICATE_FILE in your command
>         line.
>         
>         David
>         >
>         > The error I receive is:
>         >
>         >
>         > Error: failed to connect w/SSL, ssl_error
>         > error:00000001:lib(0):func(0):reason(1)
>         > 139699632096512:error:14090086:SSL
>         > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
>         > failed:s3_clnt.c:1063:
>         > Warning: SSL Error:
>         >
>         >
>         > I have followed the instructions from the following 2 sites
>         to
>         > configure the SSL certs:
>         >
>         >
>         > http://www.spice-space.org/page/SSLConnection
>         >
>         >
>         >
>         http://fedoraproject.org/w/index.php?title=QA:Testcase_Virtualization_Manually_set_spice_listening_port_with_TLS_port_set&oldid=255162
>         >
>         >
>         > Any help would be greatly appreciated, I'm sure I'm missing
>         something.
>         >
>         >
>         > Thanks,
>         > Tony
>         
>         > _______________________________________________
>         > Spice-devel mailing list
>         > Spice-devel at lists.freedesktop.org
>         > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>         
>         
>         --
>         
>         David Jaša, RHCE
>         
>         SPICE QE based in Brno
>         GPG Key:     22C33E24
>         Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>         
>         
>         
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

-- 

David Jaša, RHCE

SPICE QE based in Brno
GPG Key:     22C33E24 
Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24

More information about the Spice-devel mailing list