[ovirt-users] Re: websockify + ovirt

[Pascal D]

Michal,

Could you explain in details this part of your email?

> We modified the client to sign the request for proxy that is verified by the 
> (also
> modified) proxy. There are small changes but they would need to be done for 
> any other
> client you’re trying to use (and for the proxy if you’d want to use a 
> non-ovirt
> websockify)

Where can i find this information? Right now, using the stock websockify and 
using my version of flexVDI (which works BTW perfectly with libvirt qxl 
protected by password) and a valid SSL certificates between browser and proxy, 
I am getting this error when trying to connect to ovirt:

```
+ exec python3 -m websockify 5959 --verbose --record /tmp/websockify.log 
--cert=/etc/letsencrypt/live/ws1.xxxx.net/cert.pem 
--key=/etc/letsencrypt/live/ws1.xxx.net/privkey.pem --ssl-target --ssl-only 
--verify-client --cafile=/tmp/cafile-143249.crt '--ssl-ciphers=HIGH:!aNULL' 
xx.xxx.xxx.xxx:5915

WebSocket server settings:
  - Listen on :5959
  - SSL/TLS support
  - Deny non-SSL/TLS connections
  - Recording to '/tmp/websockify.log.*'
  - proxying from :5959 to xx.xxx.xxx.xxx:5915 (using SSL)
70.182.176.222: new handler Process
handler exception: [Errno 0] Error
exception
Traceback (most recent call last):
  File "/var/www/websockify/websockify/websockifyserver.py", line 662, in 
top_new_client
    client = self.do_handshake(startsock, address)
  File "/var/www/websockify/websockify/websockifyserver.py", line 565, in 
do_handshake
    retsock = context.wrap_socket(
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
    self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

```

so it seems my main problem is SSL between the webproxy and ovirt. I am just 
not sure how to debug this.  Is the connection between the proxy and the host 
encrypted? If yes, what role does the cafile received in the console.vv plays 
and what about the host-subject.  this is the part I am missing
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7TKD27A4TWK26PFVDQV27QQMKA55YWX/