[Spice-devel] SSL connect problem
Alon Levy
alevy at redhat.com
Fri Mar 23 13:04:35 PDT 2012
On Fri, Mar 23, 2012 at 11:37:47AM +0100, David Jaša wrote:
> Anthony James píše v Pá 23. 03. 2012 v 06:26 -0400:
> > David,
> >
> > Thanks for the reply. I've tried adding --ca-file to the spicec
> > command line but still receive the same error. Here is the command:
> >
> > spicec -h localhost -p $PORT -s $SPORT --secure-channels all
> > --host-subject "$HOSTSUBJECT" --ca-file ca-cert.pem -w $PASSWD
> >
> > Same error:
> >
> > Error: failed to connect w/SSL, ssl_error
> > error:00000001:lib(0):func(0):reason(1)
> > 140613653984512:error:14090086:SSL
> > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> > failed:s3_clnt.c:1063:
> > Warning: SSL Error:
>
> Hi Anthony,
>
> try several times. It's a known bug in spicec that when you're
> connecting manually, the connection fails several times before it is
> established. Actually it's more frequent if you specify --secure
Huh? It's known to fail so you have to relaunch spicec or just that
failed connections appear in the log? the later is the only thing I know
of. Any BZ?
> channels all or if you omit -p altogether (both have the same effect).
>
> David
> >
> > On Fri, Mar 23, 2012 at 6:06 AM, David Jaša <djasa at redhat.com> wrote:
> > Hi Anthony,
> >
> > Anthony James píše v Čt 22. 03. 2012 v 15:40 -0400:
> > > I'm having problems connecting to a spice virtual machine
> > using SSL.
> > > I use the following command to connect:
> > >
> > >
> > > spicec -h localhost -p $PORT -s $SPORT --secure-channels all
> > > --host-subject "$HOSTSUBJECT" -w $PASSWD
> > >
> >
> > You're missing --ca-file $CA_CERTIFICATE_FILE in your command
> > line.
> >
> > David
> > >
> > > The error I receive is:
> > >
> > >
> > > Error: failed to connect w/SSL, ssl_error
> > > error:00000001:lib(0):func(0):reason(1)
> > > 139699632096512:error:14090086:SSL
> > > routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
> > > failed:s3_clnt.c:1063:
> > > Warning: SSL Error:
> > >
> > >
> > > I have followed the instructions from the following 2 sites
> > to
> > > configure the SSL certs:
> > >
> > >
> > > http://www.spice-space.org/page/SSLConnection
> > >
> > >
> > >
> > http://fedoraproject.org/w/index.php?title=QA:Testcase_Virtualization_Manually_set_spice_listening_port_with_TLS_port_set&oldid=255162
> > >
> > >
> > > Any help would be greatly appreciated, I'm sure I'm missing
> > something.
> > >
> > >
> > > Thanks,
> > > Tony
> >
> > > _______________________________________________
> > > Spice-devel mailing list
> > > Spice-devel at lists.freedesktop.org
> > > http://lists.freedesktop.org/mailman/listinfo/spice-devel
> >
> >
> > --
> >
> > David Jaša, RHCE
> >
> > SPICE QE based in Brno
> > GPG Key: 22C33E24
> > Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
> >
> >
> >
> >
> > _______________________________________________
> > Spice-devel mailing list
> > Spice-devel at lists.freedesktop.org
> > http://lists.freedesktop.org/mailman/listinfo/spice-devel
>
> --
>
> David Jaša, RHCE
>
> SPICE QE based in Brno
> GPG Key: 22C33E24
> Fingerprint: 513A 060B D1B4 2A72 7F0D 0278 B125 CD00 22C3 3E24
>
>
>
> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel
More information about the Spice-devel
mailing list