Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
the client_migrate_info host= value (proxyticket), seem to crash the client if the value is 247 characters. Do you think it's possible to reduce the proxyticket size ? I have thinked about it, as the proxyticket in sent through tls, maybe it's possible to create a ticket like vnc ticket. (I think it should be smaller). I'll do tests today. - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 17:28:47 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I think I got how it's works. when we send client_migrate_info qmp, client is connecting to the standby target guest. (reconnect through the original http proxy) At the end of the migration, the client switch to the new host. the seamless-migration=on flag, help the client to do a transparent migration (copy mouse position, memory video state,etc...) One problem: the client_migrate_info host= value (proxyticket), seem to crash the client if the value is 247 characters. Do you think it's possible to reduce the proxyticket size ? - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 16:16:00 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname about seamless migration, they are 2 mode: true seamless migration, adding seamless-migration=on to spice server options. semi-semless migration (client disconnect/reconnect to spice). But documentation is not very clear, I don't known if I need to use client_migrate_info with true seamless mode. Also, in my firsts tests, spice client disconnect when receive client_migrate_info(it should wait for the end of the migration). I'll continue tests, I'll send a report tomorrow. - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 14:30:54 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname Works fine on my test cluster ! Thanks ! I'll try to see how seamless migration works. I known we can send new host,port values with qmp , but I don't known how it's works with proxy and proxyticket (as we have a timestamp). client_migrate_info -- Set the spice/vnc connection info for the migration target. The spice/vnc server will ask the spice/vnc client to automatically reconnect using the new parameters (if specified) once the vm migration finished successfully. Arguments: - protocol: protocol: spice or vnc (json-string) - hostname: migration target hostname (json-string) - port: spice/vnc tcp port for plaintext channels (json-int, optional) - tls-port: spice tcp port for tls-secured channels (json-int, optional) - cert-subject: server certificate subject (json-string, optional) - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:40:15 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname sorry, my fault, I didn't have updated qemuserver package I'm going testing it now - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:32:42 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I have an error on the call to spiceproxy api. (missing the new proxy propery) https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net {success:0,errors:{proxy:property is not defined in schema and the schema does not allow additional properties},status:400,data:null,message:Parameter verification failed.\n} - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 12:36:34 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
the client_migrate_info host= value (proxyticket), seem to crash the client if the value is 247 characters. Do you think it's possible to reduce the proxyticket size ? I have thinked about it, as the proxyticket in sent through tls, maybe it's possible to create a ticket like vnc ticket. (I think it should be smaller). AFAIK proxyticket is sent plain text. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I'm reading the spice code to see why it don't take bigger string in client_info_migrate. (As it's working for initial connection, this is strange) I guess it is easy to create a shorter ticket - I will take a look at this now. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I'm reading the spice code to see why it don't take bigger string in client_info_migrate. (As it's working for initial connection, this is strange) Sigh, I am unable to make the ticket smaller - sorry. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
Sigh, I am unable to make the ticket smaller - sorry. Does it need to be in plain text? What? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
On Fri, 19 Jul 2013 09:30:56 + Dietmar Maurer diet...@proxmox.com wrote: What? I was thinking of making it smaller by using compression. we are limited to use character [a-z0-9]. compression + quoted-printable or compression + base64 encoded ? -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- Q: What does it say on the bottom of Coke cans in North Dakota? A: Open other end. signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
On Fri, 19 Jul 2013 09:30:56 + Dietmar Maurer diet...@proxmox.com wrote: What? I was thinking of making it smaller by using compression. we are limited to use character [a-z0-9]. compression + quoted-printable or compression + base64 encoded ? The result may only contain character [a-z0-9] (no binary data). ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
On Fri, 19 Jul 2013 09:45:40 + Dietmar Maurer diet...@proxmox.com wrote: The result may only contain character [a-z0-9] (no binary data). That is the point of quoted printable and base64? -- Hilsen/Regards Michael Rasmussen Get my public GnuPG keys: michael at rasmussen dot cc http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xD3C9A00E mir at datanom dot net http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE501F51C mir at miras dot org http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xE3E80917 -- Bad men live that they may eat and drink, whereas good men eat and drink that they may live. -- Socrates signature.asc Description: PGP signature ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
The result may only contain character [a-z0-9] (no binary data). That is the point of quoted printable and base64? no. Any why does that make the string smaller? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
Maybe can we try to compress the key with gzip, then convert it with base32 ? - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Michael Rasmussen m...@datanom.net, pve-devel@pve.proxmox.com Envoyé: Vendredi 19 Juillet 2013 12:06:23 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname The result may only contain character [a-z0-9] (no binary data). That is the point of quoted printable and base64? no. Any why does that make the string smaller? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I'm reading the spice code to see why it don't take bigger string in client_info_migrate. (As it's working for initial connection, this is strange) Sigh, I am unable to make the ticket smaller - sorry. I guess I can make it smaller if I use the less secure pve-www.key - will try that now. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
Please wait a few minutes - I will try a more reasonable approach. -Original Message- From: Alexandre DERUMIER [mailto:aderum...@odiso.com] Sent: Freitag, 19. Juli 2013 12:13 To: Dietmar Maurer Cc: Michael Rasmussen; pve-devel@pve.proxmox.com Subject: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname Maybe can we try to compress the key with gzip, then convert it with base32 ? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I have an error on the call to spiceproxy api. (missing the new proxy propery) https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net {success:0,errors:{proxy:property is not defined in schema and the schema does not allow additional properties},status:400,data:null,message:Parameter verification failed.\n} - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 12:36:34 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
sorry, my fault, I didn't have updated qemuserver package I'm going testing it now - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:32:42 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I have an error on the call to spiceproxy api. (missing the new proxy propery) https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net {success:0,errors:{proxy:property is not defined in schema and the schema does not allow additional properties},status:400,data:null,message:Parameter verification failed.\n} - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 12:36:34 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
Works fine on my test cluster ! Thanks ! I'll try to see how seamless migration works. I known we can send new host,port values with qmp , but I don't known how it's works with proxy and proxyticket (as we have a timestamp). client_migrate_info -- Set the spice/vnc connection info for the migration target. The spice/vnc server will ask the spice/vnc client to automatically reconnect using the new parameters (if specified) once the vm migration finished successfully. Arguments: - protocol: protocol: spice or vnc (json-string) - hostname: migration target hostname (json-string) - port: spice/vnc tcp port for plaintext channels (json-int, optional) - tls-port: spice tcp port for tls-secured channels (json-int, optional) - cert-subject: server certificate subject (json-string, optional) - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:40:15 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname sorry, my fault, I didn't have updated qemuserver package I'm going testing it now - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:32:42 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I have an error on the call to spiceproxy api. (missing the new proxy propery) https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net {success:0,errors:{proxy:property is not defined in schema and the schema does not allow additional properties},status:400,data:null,message:Parameter verification failed.\n} - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 12:36:34 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
about seamless migration, they are 2 mode: true seamless migration, adding seamless-migration=on to spice server options. semi-semless migration (client disconnect/reconnect to spice). But documentation is not very clear, I don't known if I need to use client_migrate_info with true seamless mode. Also, in my firsts tests, spice client disconnect when receive client_migrate_info(it should wait for the end of the migration). I'll continue tests, I'll send a report tomorrow. - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 14:30:54 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname Works fine on my test cluster ! Thanks ! I'll try to see how seamless migration works. I known we can send new host,port values with qmp , but I don't known how it's works with proxy and proxyticket (as we have a timestamp). client_migrate_info -- Set the spice/vnc connection info for the migration target. The spice/vnc server will ask the spice/vnc client to automatically reconnect using the new parameters (if specified) once the vm migration finished successfully. Arguments: - protocol: protocol: spice or vnc (json-string) - hostname: migration target hostname (json-string) - port: spice/vnc tcp port for plaintext channels (json-int, optional) - tls-port: spice tcp port for tls-secured channels (json-int, optional) - cert-subject: server certificate subject (json-string, optional) - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:40:15 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname sorry, my fault, I didn't have updated qemuserver package I'm going testing it now - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:32:42 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I have an error on the call to spiceproxy api. (missing the new proxy propery) https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net {success:0,errors:{proxy:property is not defined in schema and the schema does not allow additional properties},status:400,data:null,message:Parameter verification failed.\n} - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 12:36:34 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I think I got how it's works. when we send client_migrate_info qmp, client is connecting to the standby target guest. (reconnect through the original http proxy) At the end of the migration, the client switch to the new host. the seamless-migration=on flag, help the client to do a transparent migration (copy mouse position, memory video state,etc...) One problem: the client_migrate_info host= value (proxyticket), seem to crash the client if the value is 247 characters. Do you think it's possible to reduce the proxyticket size ? - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 16:16:00 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname about seamless migration, they are 2 mode: true seamless migration, adding seamless-migration=on to spice server options. semi-semless migration (client disconnect/reconnect to spice). But documentation is not very clear, I don't known if I need to use client_migrate_info with true seamless mode. Also, in my firsts tests, spice client disconnect when receive client_migrate_info(it should wait for the end of the migration). I'll continue tests, I'll send a report tomorrow. - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 14:30:54 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname Works fine on my test cluster ! Thanks ! I'll try to see how seamless migration works. I known we can send new host,port values with qmp , but I don't known how it's works with proxy and proxyticket (as we have a timestamp). client_migrate_info -- Set the spice/vnc connection info for the migration target. The spice/vnc server will ask the spice/vnc client to automatically reconnect using the new parameters (if specified) once the vm migration finished successfully. Arguments: - protocol: protocol: spice or vnc (json-string) - hostname: migration target hostname (json-string) - port: spice/vnc tcp port for plaintext channels (json-int, optional) - tls-port: spice tcp port for tls-secured channels (json-int, optional) - cert-subject: server certificate subject (json-string, optional) - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:40:15 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname sorry, my fault, I didn't have updated qemuserver package I'm going testing it now - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 13:32:42 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I have an error on the call to spiceproxy api. (missing the new proxy propery) https://kvmtest1.odiso.net:8006/api2/extjs/nodes/kvmtest1/qemu/115/spiceproxy?proxy=kvmtest1.odiso.net {success:0,errors:{proxy:property is not defined in schema and the schema does not allow additional properties},status:400,data:null,message:Parameter verification failed.\n} - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com Cc: pve-devel@pve.proxmox.com Envoyé: Jeudi 18 Juillet 2013 12:36:34 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 Just implemented that - please can you test? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
the proxy address is generated here : http://lists.freedesktop.org/archives/spice-devel/2012-August/010610.html +address = g_proxy_address_new(G_INET_ADDRESS(it-data), pport, http, + s-host, port, NULL, NULL); +if (address != NULL) (NULL,NULL are login/password, so we just need to extend the proxy parameter in the spice lib (client side) something like = http://user:pass@host:port Sigh, so we cannot encode anything in the host. And try to push it upstream. Maybe, but that can take a long time? Just found the following in virt-viewer-file.c: * - ca: string PEM data (use \n to seperate the lines) * - host-subject: string What is 'host-subject' used for? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I don't known if the ssl host verification is done on client side or server side ? Seem to be done client side, here: http://cgit.freedesktop.org/spice/spice-gtk/commit/?id=b2018477615a81a7c3f08257ab79f6c1936f9e09 maybe host-subject can help ? host-subject=OU=PVE Cluster Node,O=Proxmox Virtual Environment,CN=base32ticket - Mail original - De: Alexandre DERUMIER aderum...@odiso.com À: Dietmar Maurer diet...@proxmox.com Cc: pve-devel@pve.proxmox.com Envoyé: Mercredi 17 Juillet 2013 08:23:05 Objet: Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname Sigh, so we cannot encode anything in the host. I don't known if the ssl host verification is done on client side or server side ? (If it's server side, we could hack the spicelib to get the host from the ticket value) And try to push it upstream. Maybe, but that can take a long time? Don't known, they are a new spice release around each 3 month. But then some distro like debian will not update it soon. What is 'host-subject' used for? It's require if the host value (dns name) don't match the hostname on the server. Should be something like this: real server hostname = kvmtest1.odiso.net host=kvm.odiso.net host-subject=OU=PVE Cluster Node,O=Proxmox Virtual Environment,CN=kvmtest1.odiso.net (It's for certificate verification) - Mail original - De: Dietmar Maurer diet...@proxmox.com À: Alexandre DERUMIER aderum...@odiso.com, pve-devel@pve.proxmox.com Envoyé: Mercredi 17 Juillet 2013 08:15:23 Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname the proxy address is generated here : http://lists.freedesktop.org/archives/spice-devel/2012-August/010610.html + address = g_proxy_address_new(G_INET_ADDRESS(it-data), pport, http, + s-host, port, NULL, NULL); + if (address != NULL) (NULL,NULL are login/password, so we just need to extend the proxy parameter in the spice lib (client side) something like = http://user:pass@host:port Sigh, so we cannot encode anything in the host. And try to push it upstream. Maybe, but that can take a long time? Just found the following in virt-viewer-file.c: * - ca: string PEM data (use \n to seperate the lines) * - host-subject: string What is 'host-subject' used for? ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ? client --- http connect proxy1 http connect proxy2 I will try to implement that tomorrow. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel