[Spice-devel] SPICE on libvirt/qemu with TLS

[Joerg]

Hello,

i'm experiementing with spice/libvirt.

I like to achieve a secure (encrypted) connection to an qemu VM
started by libvirt with client authentication based on certificates.

I'm as far as having a running spice server on an tlsport.

But from the documentation i could find, i suppose this connection is
only validated in terms of server authenticity.

The server does not validate the client certificate.
Is that true?

Could you shed some light on how secure spice connection
are supposed to work. Not having the client authenticated seems not
correct in this scenario.


Greetings,
   Jörg