Hi guys,

I met a problem when I use tls to connect to libvirt. When I set the CN in client.info and server.info as the hostname (FQDN), the tls check will fail with the ip; and vice versa, when I set the CN as the ip address, the tls check will fail with the hostname. Only using what we set can succeed. Is this expected? Or was there some issue in my env or setup steps?

1. set tls env with hostname, then it will fail to check with ip

# virsh -c qemu+tls://192.168.122.4/system
2017-12-06 13:24:52.346+0000: 3954: info : libvirt version: x.x.x, package: 4.el7 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2017-11-30-07:57:27, x.x.x.redhat.com)
2017-12-06 13:24:52.346+0000: 3954: info : hostname: work.englab.cn
2017-12-06 13:24:52.346+0000: 3954: warning : virNetTLSContextCheckCertificate:1125 : Certificate check failed Certificate [session] owner does not match the hostname 192.168.122.4
error: failed to connect to the hypervisor
error: authentication failed: Failed to verify peer's certificate

2. use the hostname as what we set can succeed.

# virsh -c qemu+tls://test.englab.cn/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh #

# ping test.englab.cn
PING test.englab.cn (192.168.122.4) 56(84) bytes of data.
64 bytes from test.englab.cn (192.168.122.4): icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from test.englab.cn (192.168.122.4): icmp_seq=2 ttl=64 time=0.204 ms
...

-------
Best Regards,
Yalan Zhang
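
The name check behind the "owner does not match the hostname" warning above, as an added example that is not part of the original post and is not libvirt or GnuTLS code. It is a simplified model: the certificate dict layout and all function names are assumptions, and the third certificate, which carries subjectAltName DNS and IP entries, goes beyond the two cases the post reports.

```python
import ipaddress

def _as_ip(text):
    """Return an ip_address object if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def _name_match(pattern, target, allow_wildcard):
    """Case-insensitive compare; '*' may stand for the whole leftmost label."""
    p, t = pattern.lower().rstrip("."), target.lower().rstrip(".")
    if allow_wildcard and p.startswith("*."):
        return "." in t and t.split(".", 1)[1] == p[2:]
    return p == t

def cert_matches(cert, target):
    """cert is a constructed dict: {'cn': str, 'san_dns': [...], 'san_ip': [...]}."""
    ip = _as_ip(target)
    san_dns = cert.get("san_dns", [])
    san_ip = [ipaddress.ip_address(a) for a in cert.get("san_ip", [])]
    # An IP target is compared numerically against iPAddress SAN entries.
    if ip is not None and ip in san_ip:
        return True
    # Wildcards are only meaningful for DNS names, never for IP literals.
    wild = ip is None
    if any(_name_match(d, target, wild) for d in san_dns):
        return True
    # In this model the CN is consulted only when there is no dNSName SAN.
    if not san_dns and cert.get("cn"):
        return _name_match(cert["cn"], target, wild)
    return False

# Constructed certificates using the names from the post.
CN_HOST = {"cn": "test.englab.cn"}
CN_IP = {"cn": "192.168.122.4"}
CN_PLUS_SAN = {"cn": "test.englab.cn",
               "san_dns": ["test.englab.cn"], "san_ip": ["192.168.122.4"]}

def results():
    targets = ("test.englab.cn", "192.168.122.4")
    certs = {"CN_HOST": CN_HOST, "CN_IP": CN_IP, "CN_PLUS_SAN": CN_PLUS_SAN}
    return {(n, t): cert_matches(c, t) for n, c in certs.items() for t in targets}

if __name__ == "__main__":
    for (name, target), ok in results().items():
        print(f"{name:12} {target:15} {'match' if ok else 'MISMATCH'}")
```

The check compares the certificate against the string given in the connection URI, so the fact that test.englab.cn resolves to 192.168.122.4 plays no part in it.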