[Spice-devel] remote-viewer: tls seamless migration : CA option is not keep

Marc-André Lureau mlureau at redhat.com
Mon Jul 22 06:25:07 PDT 2013


Hi

----- Mensaje original -----
> Hi,
> 
> I'm trying to do seamless migration of a qemu guest, using only tls for spice
> client.
> 
> Client is remote-viewer, and is launched through a config file with the ca
> certificate embedded like this
> 
> [virt-viewer]
> type=spice
> ca=----BEGIN CERTIFICATE------\n........\nEND CERTIFICATE----\n
> tls-port=xxxx
> ...
> 
> 
> This works fine for establish the connection to spice server,
> but when I'm doing a seamless migration, the ca is not reused and
> remote-viewer give me
> 
> (remote-viewer:25533): GSpice-WARNING **: no cert loaded
> 
> Workaround is to copy the cerficate in .spicec/spice_truststore.pem,
> 
> But I would like to avoid to do this.
> 
> 
> Is it a bug ? or does exist some option to force remote-viewer to auto write
> the ca=... inside the spice_truststore.pem ?

It looks like a bug, I think we should copy the ca when creating the migration session. Can you try the attached patch (not tested)? thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-session-copy-ca-property-in-copy-ctor.patch
Type: text/x-patch
Size: 957 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20130722/a63b733a/attachment.bin>


More information about the Spice-devel mailing list