Hi, a note on the CA certificate. I asked both on IRC and in the spice-devel ML [1] what is the point of using the CA certificate to verify the server certificate, but got no satisfactory reply. Two devs replied to me (one in IRC and one via private mail) saying that probably so far the CA certificate is not used.
Also, the relevant SPICE code (a snippet of which is in [1]) is not helpful. It just requires the cacert without further comments and aborts if it is not passed. I suspect that the requirement of the CA certificate is just a bug in the SPICE server interface, but in order to be able to interact with existing qemu-kvm and SPICE installations we will need to cope with it and require the user to pass the CA certificate. If the user lets Ganeti manage the SPICE certificates, it is all done automatically and one does not need to worry about passing certificates. Once the patches will be approved and pushed, I will write some doc for this feature. Thanks, Andrea [1] http://lists.freedesktop.org/archives/spice-devel/2011-September/005366.html
