[pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
Alexandre DERUMIER
aderumier at odiso.com
Wed Jul 17 12:22:23 CEST 2013
>>OK, I have just committed an initial version using a local tcp port and TLS (qemu-server/pve-manager).
>>
>>Please can you test if that works for you also?
Works perfectly ! Thanks !
>>I guess in future we need to extract 'host-subject' from /etc/pve/local/pve-ssl.pem, maybe with:
>>
>># openssl x509 -in /etc/pve/local/pve-ssl.pem -noout -subject
>>
>>what you you think?
Yes ! As maybe users use their own certificates, we need to do it like this.
I don't known if you I have time to implement the proxy forward to connect on a vm on a remote node: ?
client ---> http connect proxy1----> http connect proxy2
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mercredi 17 Juillet 2013 11:57:32
Objet: RE: [pve-devel] spice tls + proxy: ssl_verify.c:484:openssl_verify: ssl: hostname
> > maybe host-subject can help ?
> >
> > host-subject="OU=PVE Cluster Node,O=Proxmox Virtual
> > Environment,CN=base32ticket"
>
> yes, that is what I thought - will test later.
OK, I have just committed an initial version using a local tcp port and TLS (qemu-server/pve-manager).
Please can you test if that works for you also?
I guess in future we need to extract 'host-subject' from /etc/pve/local/pve-ssl.pem, maybe with:
# openssl x509 -in /etc/pve/local/pve-ssl.pem -noout -subject
what you you think?
More information about the pve-devel
mailing list