[Spice-devel] SSL connect problem

Alon Levy alevy at redhat.com
Fri Mar 23 13:04:35 PDT 2012


On Fri, Mar 23, 2012 at 11:37:47AM +0100, David Jaša wrote:
> Anthony James píše v Pá 23. 03. 2012 v 06:26 -0400:
> > David,
> > 
> > Thanks for the reply.  I've tried adding --ca-file to the spicec
> > command line but still receive the same error.  Here is the command:
> > 
> > spicec -h localhost -p $PORT -s $SPORT --secure-channels all
> > --host-subject "$HOSTSUBJECT" --ca-file ca-cert.pem -w $PASSWD
> > 
> > Same error:
> > 
> > Error: failed to connect w/SSL, ssl_error
> > error:00000001:lib(0):func(0):reason(1)
> > 140613653984512:error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> > failed:s3_clnt.c:1063:
> > Warning: SSL Error:
> 
> Hi Anthony,
> 
> try several times. It's a known bug in spicec that when you're
> connecting manually, the connection fails several times before it is
> established. Actually it's more frequent if you specify --secure

Huh? It's known to fail so you have to relaunch spicec or just that
failed connections appear in the log? the later is the only thing I know
of. Any BZ?

> channels all or if you omit -p altogether (both have the same effect).
> 
> David
> > 
> > On Fri, Mar 23, 2012 at 6:06 AM, David Jaša <djasa at redhat.com> wrote:
> >         Hi Anthony,
> >         
> >         Anthony James píše v Čt 22. 03. 2012 v 15:40 -0400:
> >         > I'm having problems connecting to a spice virtual machine
> >         using SSL.
> >         >  I use the following command to connect:
> >         >
> >         >
> >         > spicec -h localhost -p $PORT -s $SPORT --secure-channels all
> >         > --host-subject "$HOSTSUBJECT" -w $PASSWD
> >         >
> >         
> >         You're missing --ca-file $CA_CERTIFICATE_FILE in your command
> >         line.
> >         
> >         David
> >         >
> >         > The error I receive is:
> >         >
> >         >
> >         > Error: failed to connect w/SSL, ssl_error
> >         > error:00000001:lib(0):func(0):reason(1)
> >         > 139699632096512:error:14090086:SSL
> >         > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> >         > failed:s3_clnt.c:1063:
> >         > Warning: SSL Error:
> >         >
> >         >
> >         > I have followed the instructions from the following 2 sites
> >         to
> >         > configure the SSL certs:
> >         >
> >         >
> >         > http://www.spice-space.org/page/SSLConnection
> >         >
> >         >
> >         >
> >         http://fedoraproject.org/w/index.php?title=QA:Testcase_Virtualization_Manually_set_spice_listening_port_with_TLS_port_set&oldid=255162
> >         >
> >         >
> >         > Any help would be greatly appreciated, I'm sure I'm missing
> >         something.
> >         >
> >         >
> >         > Thanks,
> >         > Tony
> >         
> >         > _______________________________________________
> >         > Spice-devel mailing list
> >         > Spice-devel at lists.freedesktop.org
> >         > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> >         
> >         
> >         --
> >         
> >         David Jaša, RHCE
> >         
> >         SPICE QE based in Brno
> >         GPG Key:     22C33E24
> >         Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> >         
> >         
> >         
> > 
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> 
> -- 
> 
> David Jaša, RHCE
> 
> SPICE QE based in Brno
> GPG Key:     22C33E24 
> Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> 
> 
> 
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel


More information about the Spice-devel mailing list