[Spice-devel] SPICE on libvirt/qemu with TLS
Christophe Fergeau
cfergeau at redhat.com
Mon Feb 16 02:39:46 PST 2015
Hey,
On Wed, Jan 28, 2015 at 05:44:42PM +0100, Joerg wrote:
> Hello,
>
> i'm experiementing with spice/libvirt.
>
> I like to achieve a secure (encrypted) connection to an qemu VM
> started by libvirt with client authentication based on certificates.
>
> I'm as far as having a running spice server on an tlsport.
>
> But from the documentation i could find, i suppose this connection is
> only validated in terms of server authenticity.
>
> The server does not validate the client certificate.
> Is that true?
Yes, as far as I know, the spice-server is not able to authenticate
clients connecting to it.
>
> Could you shed some light on how secure spice connection
> are supposed to work. Not having the client authenticated seems not
> correct in this scenario.
I agree that this is something which would be nice to have, though I
think this is the first time someone mentions this. Could you file a bug
for that?
Thanks,
Christophe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/spice-devel/attachments/20150216/140a2c98/attachment.sig>
More information about the Spice-devel
mailing list