[Spice-devel] remote-viewer: tls seamless migration : CA option is not keep
Alexandre DERUMIER
aderumier at odiso.com
Mon Jul 22 06:44:47 PDT 2013
>>Can you try the attached patch (not tested)? thanks
It's works fine, thanks !
----- Mail original -----
De: "Marc-André Lureau" <mlureau at redhat.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "spice-devel" <spice-devel at lists.freedesktop.org>
Envoyé: Lundi 22 Juillet 2013 15:25:07
Objet: Re: [Spice-devel] remote-viewer: tls seamless migration : CA option is not keep
Hi
----- Mensaje original -----
> Hi,
>
> I'm trying to do seamless migration of a qemu guest, using only tls for spice
> client.
>
> Client is remote-viewer, and is launched through a config file with the ca
> certificate embedded like this
>
> [virt-viewer]
> type=spice
> ca=----BEGIN CERTIFICATE------\n........\nEND CERTIFICATE----\n
> tls-port=xxxx
> ...
>
>
> This works fine for establish the connection to spice server,
> but when I'm doing a seamless migration, the ca is not reused and
> remote-viewer give me
>
> (remote-viewer:25533): GSpice-WARNING **: no cert loaded
>
> Workaround is to copy the cerficate in .spicec/spice_truststore.pem,
>
> But I would like to avoid to do this.
>
>
> Is it a bug ? or does exist some option to force remote-viewer to auto write
> the ca=... inside the spice_truststore.pem ?
It looks like a bug, I think we should copy the ca when creating the migration session. Can you try the attached patch (not tested)? thanks
More information about the Spice-devel
mailing list