[Bug 1078052] [NEW] TLS fails to work with Spice due to possible bug related to a similar issue in Red Hat under certain circumstances

Mon, 12 Nov 2012 10:20:49 -0800 

Public bug reported:

Hi after going through a common prcedure to create a self signed
certificate, using the default directory, the VM log reports that it
cannot load the certificates, a similar log response was seen in Red Hat
with spice, where the path was not set despite being set in qemu.conf,
the solution for red hat cannot be applied to Ubuntu directly.

((null):2176): Spice-Warning **: reds.c:3307:reds_init_ssl: Could not load 
certificates from /etc/pki/libvirt-spice/server-cert.pem
((null):2176): Spice-Warning **: reds.c:3317:reds_init_ssl: Could not use 
private key file
((null):2176): Spice-Warning **: reds.c:3325:reds_init_ssl: Could not use CA 
file /etc/pki/libvirt-spice/ca-cert.pem

TLS is enabled, and the path used is the default /etc/pki/libvirt-spice
path, with both the path specified uncommented and commented out and
left as default.

Key creation was as follows

openssl genrsa -des3 -out ca-key.pem 1024
openssl req -new -x509 -days 1095 -key ca-key.pem -out ca-cert.pem -utf8 -subj 
"/C=IL/L=Raanana/O=Red Hat/CN=my CA"
openssl genrsa -out server-key.pem 1024
openssl req -new -key server-key.pem -out server-key.csr -utf8 -subj 
"/C=IL/L=Raanana/O=Red Hat/CN=my server"
openssl x509 -req -days 1095 -in server-key.csr -CA ca-cert.pem -CAkey 
ca-key.pem -set_serial 01 -out server-cert.pem
openssl rsa -in server-key.pem -out server-key.pem.insecure
mv server-key.pem server-key.pem.secure
mv server-key.pem.insecure server-key.pem

location permissions and file were set with libvirt-qemu as the owner.

Any advice on whether this is an error bby me or a fixable configuration
issue would be appreciated

Ubuntu 12.10

qemu-kvm-spice:
  Installed: 1.2.0-2012.09-0ubuntu1
  Candidate: 1.2.0-2012.09-0ubuntu1
  Version table:
 *** 1.2.0-2012.09-0ubuntu1 0
        500 http://gb.archive.ubuntu.com/ubuntu/ quantal/universe amd64 Packages
        100 /var/lib/dpkg/status

** Affects: qemu-kvm-spice (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1078052

Title:
  TLS fails to work with Spice due to possible bug related to a similar
  issue in Red Hat under certain circumstances

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu-kvm-spice/+bug/1078052/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to