Public bug reported:

Binary package hint: libvirt-bin

I'm having a problem with remote TLS libvirt connections from a jaunty client. I just upgraded my client to jaunty from Intrepid and I can no longer connect to hardy or intrepid libvirt servers that have TLS enabled. I get the following errors:

    $ virt-viewer -c qemu+tls://example.com/system virt.example.com
    libvir: Remote error : server certificate failed validation: The certificate is not trusted.
    libvir: Remote error : unable to connect to 'example.com': Invalid argument
    unable to connect to libvirt qemu+tls://example.com/system
    $

In the past (i.e. hardy, intrepid) I was able to use the following command. Now I get an error:

    $ virt-viewer -c qemu://example.com/system virt.example.com
    libvir: error : could not connect to qemu://example.com/system
    unable to connect to libvirt qemu://example.com/system
    $

The server's config has not changed (I've tested against libvirt-bin versions 0.4.4-3ubuntu3.1 and 0.4.0-2ubuntu8.1 on the server side). I have the CA certificate installed on both server and client (in /etc/pki/CA/cacert.pem). That cert signed both my x509 client cert and the server cert.

Here is some proof that it *should* work:

    $ openssl s_client -CAfile /etc/pki/CA/cacert.pem -cert /etc/pki/libvirt/clientcert.pem -key /etc/pki/libvirt/private/clientkey.pem -connect example.com:16514 2>/dev/null|sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' >servercert.pem
    $ openssl verify -CAfile /etc/pki/CA/cacert.pem servercert.pem
    servercert.pem: OK
    $ openssl verify -CAfile /etc/pki/CA/cacert.pem /etc/pki/libvirt-vnc/clientcert.pem
    /etc/pki/libvirt-vnc/clientcert.pem: OK
    $

When I run strace against virt-viewer I can see that it is accessing (and successfully opening) the correct certs/keys:

    $ grep /etc/pki /tmp/out
    stat64("/etc/pki/CA/cacert.pem", {st_mode=S_IFREG|0644, st_size=1716, ...}) = 0
    stat64("/etc/pki/libvirt/private/clientkey.pem", {st_mode=S_IFREG|0644, st_size=887, ...}) = 0
    stat64("/etc/pki/libvirt/clientcert.pem", {st_mode=S_IFREG|0644, st_size=1172, ...}) = 0
    open("/etc/pki/CA/cacert.pem", O_RDONLY) = 5
    open("/etc/pki/libvirt/private/clientkey.pem", O_RDONLY) = 5
    open("/etc/pki/libvirt/clientcert.pem", O_RDONLY) = 5
    $

I'm using virt-viewer 0.0.3-6ubuntu7 and libvirt-bin 0.6.1-0ubuntu5

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

--
qemu+tls server certificate validation failure (The certificate is not trusted)
https://bugs.launchpad.net/bugs/366455