[pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname

Alexandre DERUMIER aderumier at odiso.com
Wed Jul 17 12:22:23 CEST 2013


>>OK, I have just committed an initial version using a local tcp port and TLS (qemu-server/pve-manager). 
>>
>>Please can you test if that works for you also? 

Works perfectly ! Thanks !


>>I guess in future we need to extract 'host-subject' from /etc/pve/local/pve-ssl.pem, maybe with: 
>>
>># openssl x509 -in /etc/pve/local/pve-ssl.pem -noout -subject 
>>
>>what you you think? 

Yes ! As maybe users use their own certificates, we need to do it like this.




I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ?

client ---> http connect proxy1----> http connect proxy2






----- Mail original ----- 

De: "Dietmar Maurer" <dietmar at proxmox.com> 
À: "Alexandre DERUMIER" <aderumier at odiso.com> 
Cc: pve-devel at pve.proxmox.com 
Envoyé: Mercredi 17 Juillet 2013 11:57:32 
Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname 

> > maybe host-subject can help ? 
> > 
> > host-subject="OU=PVE Cluster Node,O=Proxmox Virtual 
> > Environment,CN=base32ticket" 
> 
> yes, that is what I thought - will test later. 

OK, I have just committed an initial version using a local tcp port and TLS (qemu-server/pve-manager). 

Please can you test if that works for you also? 

I guess in future we need to extract 'host-subject' from /etc/pve/local/pve-ssl.pem, maybe with: 

# openssl x509 -in /etc/pve/local/pve-ssl.pem -noout -subject 

what you you think? 



More information about the pve-devel mailing list