[Spice-devel] SSL connection problem

Christophe Fergeau cfergeau at redhat.com
Thu Nov 22 02:15:58 PST 2012 

Hey,

On Wed, Nov 21, 2012 at 07:42:46PM +0000, Jodi Curtis wrote:
> I am still having problems connecting via SSL after resolving the
> apparmor.d problem with reading the key directory contents
> On attempts to connect via virsh I am given this warning
> spice channels 1 should be encrypted, I'm guessing this is an
> authentication issue with my attempts to connect?

To connect via virsh? How do you mean? I'd try with remote-viewer directly.
This looks like a client is trying to connect without using TLS/SSL, while
the qemu command line says that the main spice channel must be encrypted,
hence the warning.

Christophe

> 
> sudo /var/log/libvirt/qemu/qemu.conf
> 
> ((null):2230): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> 
> 2012-11-13 07:28:43.081+0000: starting up
> LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin
> QEMU_AUDIO_DRV=spice /usr/bin/kvm -name VM11 -S -M pc-1.2 -cpu
> Opteron_G3,+ibs,+osvw,+3dnowprefetch,+cr8legacy,+extapic,+cmp_legacy,+3dnow,+3dnowext,+pdpe1gb,+fxsr_opt,+mmxext,+ht,+vme
> -enable-kvm -m 2048 -smp 1,sockets=1,cores=1,threads=1 -uuid
> a5fa6af1-89e6-ff32-7d47-5fd28ab47a05 -no-user-config -nodefaults -chardev
> socket,id=charmonitor,path=/var/lib/libvirt/qemu/VM11.monitor,server,nowait
> -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime
> -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive
> file=/var/lib/libvirt/local/fixed-pool0/buildsvr-disk0,if=none,id=drive-virtio-disk0,format=raw,cache=writeback
> -device
> virtio-blk-pci,scsi=off,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=3
> -drive
> file=/var/lib/libvirt/local/dynamic-pool0/buildsvr-disk1,if=none,id=drive-virtio-disk1,format=raw,cache=writethrough
> -device
> virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk1,id=virtio-disk1,bootindex=4
> -drive if=none,id=drive-ide0-0-0,readonly=on,format=raw -device
> ide-cd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=2 -drive
> file=/var/lib/libvirt/local/fixed-pool0/buildsvr-media,if=none,id=drive-ide0-0-1,readonly=on,format=raw
> -device
> ide-cd,bus=ide.0,unit=1,drive=drive-ide0-0-1,id=ide0-0-1,bootindex=1
> -netdev tap,fd=21,id=hostnet0,vhost=on,vhostfd=22 -device
> virtio-net-pci,netdev=hostnet0,id=net0,mac=00:16:3e:1a:b3:4c,bus=pci.0,addr=0x3
> -chardev pty,id=charserial0 -device
> isa-serial,chardev=charserial0,id=serial0 -device usb-tablet,id=input0
> -spice
> port=5908,tls-port=5918,addr=0.0.0.0,agent-mouse=on,disable-ticketing,x509-dir=/var/lib/libvirt/pki/libvirt-spice,tls-channel=main,plaintext-channel=display,plaintext-channel=inputs,plaintext-channel=cursor,plaintext-channel=playback,plaintext-channel=record,plaintext-channel=usbredir,image-compression=auto_glz,streaming-video=filter
> -k en-gb -vga qxl -global qxl-vga.vram_size=33554432 -device
> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5
> char device redirected to /dev/pts/1
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted
> ((null):1838): Spice-Warning **: reds.c:2812:reds_handle_read_link_done:
> spice channels 1 should be encrypted

> _______________________________________________
> Spice-devel mailing list
> Spice-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/spice-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20121122/b10432af/attachment.pgp>

More information about the Spice-devel mailing list