I don't see how to workaround this. Best way should be to add http authentification to client,
I don't known why they don't have already do it , because all is already more or less done in the code http://lists.freedesktop.org/archives/spice-devel/2012-August/010607.html +create_request (GProxyAddress *proxy_address, gboolean *has_cred) +{ + const gchar *hostname; + gint port; + const gchar *username; + const gchar *password; + GString *request; + gchar *ascii_hostname; + + if (has_cred) + *has_cred = FALSE; + + hostname = g_proxy_address_get_destination_hostname (proxy_address); + port = g_proxy_address_get_destination_port (proxy_address); + username = g_proxy_address_get_username (proxy_address); + password = g_proxy_address_get_password (proxy_address); + + request = g_string_new (NULL); + + ascii_hostname = g_hostname_to_ascii (hostname); + g_string_append_printf (request, + "CONNECT %s:%i HTTP/1.0\r\n" + "Host: %s:%i\r\n" + "Proxy-Connection: keep-alive\r\n" + "User-Agent: GLib/%i.%i\r\n", + ascii_hostname, port, + ascii_hostname, port, + GLIB_MAJOR_VERSION, GLIB_MINOR_VERSION); + g_free (ascii_hostname); + + if (username != NULL && password != NULL) + { + gchar *cred; + gchar *base64_cred; + + if (has_cred) + *has_cred = TRUE; + + cred = g_strdup_printf ("%s:%s", username, password); + base64_cred = g_base64_encode ((guchar *) cred, strlen (cred)); + g_free (cred); + g_string_append_printf (request, + "Proxy-Authorization: %s\r\n", + base64_cred); + g_free (base64_cred); + } + + g_string_append (request, "\r\n"); + + return g_string_free (request, FALSE); +} the proxy address is generated here : http://lists.freedesktop.org/archives/spice-devel/2012-August/010610.html + address = g_proxy_address_new(G_INET_ADDRESS(it->data), pport, "http", + s->host, port, NULL, NULL); + if (address != NULL) (NULL,NULL are login/password, so we just need to extend the proxy parameter in the spice lib (client side) something like = http://user:pass@host:port And try to push it upstream. ----- Mail original ----- De: "Alexandre DERUMIER" <aderum...@odiso.com> À: pve-devel@pve.proxmox.com Envoyé: Mercredi 17 Juillet 2013 03:50:23 Objet: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I'm doing tests with spice-tls (through tcp localhost) + http proxy, and bad new, I have an error because of the host header (/usr/bin/remote-viewer:3241): Spice-Warning **: ssl_verify.c:484:openssl_verify: ssl: hostname 'pvespiceproxy:51e5f4e6:115:kvmtest1::bef6c2fbe7f1bcd464e939ce332db24d4162dc0a8996f9e9e087a9916f25652a00b1b92c5ef400926288bf8efa9bc4b43e38fb61271d00fbf4d1c3d307845d17f3a54df24ab3e018f6892683c0b048782f434b75a1737c6b2279a2117e3d5f061e76f0f0e2d317155b05db36dbf6674a8c5576fa2ea2c2d7afa539dcaa2a2c4e25b82b34a02cd477527c6f26422016c6695467f2b584dc70e398faadb4a1dae214d007ac22c7b22d63dca8a8e9f82b0886be9315f94e1ff347ceb85559baf55189729da26d0106fc0aed809cc4eceb4e68bfcd1b1c77ec6d21da193e1212b04d78033a52cbef25e51fbe58b6eef4bd4b4b7af7d795b01d7a3c5a65ccb719fe8e' verification failed (/usr/bin/remote-viewer:3241): Spice-Warning **: ssl_verify.c:489:openssl_verify: ssl: verification failed (remote-viewer:3241): GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1) I'll to find a workaround for this ..... _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel