[pve-devel] spice problems

Dietmar Maurer dietmar at proxmox.com
Thu Jan 5 20:18:30 CET 2017



> On January 5, 2017 at 8:02 PM Michael Rasmussen <mir at datanom.net> wrote:
> 
> 
> On Thu, 5 Jan 2017 16:21:38 +0100 (CET)
> Dietmar Maurer <dietmar at proxmox.com> wrote:
> 
> > 
> > If you do not want to debug yourself, please can you file a 
> > bug at bugzilla.proxmox.com?
> > 
> I will do that but I think I have nailed the problem down to either
> wrong instructions on the wiki or some kind af regression in pveproxy.
> 
> The certificate inside the pveproxy ticket is this one:
> openssl x509 -in /tmp/cert -text -noout
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number:
>             98:97:1d:5b:17:b7:bc:7c
>     Signature Algorithm: sha256WithRSAEncryption
>         Issuer: CN = Proxmox Virtual Environment, OU =
> d43de9da-071f-4ae5-b05b-a31593bb5668, O = PVE Cluster Manager CA
>         Validity
>             Not Before: Dec 30 00:38:47 2016 GMT
>             Not After : Dec 28 00:38:47 2026 GMT
>         Subject: CN = Proxmox Virtual Environment, OU =
> d43de9da-071f-4ae5-b05b-a31593bb5668, O = PVE Cluster Manager CA
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (4096 bit)
>                 Modulus:
>                     00:b2:c6:e5:a5:e6:8f:7e:48:44:2a:ca:40:50:b2:
>                     8c:67:45:6a:ee:27:31:21:5d:3b:99:5b:71:8d:fe:
>                     7c:74:e7:5f:5f:65:e1:74:55:a1:45:38:c8:1c:43:
>                     7c:3e:d8:bd:d0:e1:49:f1:3b:2b:9e:78:eb:49:71:
>                     54:27:2d:72:b5:0f:c3:5f:73:f0:22:6e:6c:cf:7b:
>                     22:3d:fe:b4:cf:3b:61:43:7e:c9:54:a7:91:1b:33:
>                     70:b2:4f:42:08:c0:a5:da:19:df:8d:02:f0:e9:0e:
>                     db:dd:a1:c2:22:01:d1:4d:5c:41:e7:ac:3b:42:63:
>                     f5:36:2d:56:94:7b:35:90:cc:a4:5d:6f:35:9d:c7:
>                     43:72:c4:f2:8c:84:cf:fa:fa:bd:26:0b:04:bd:63:
>                     57:ac:42:ba:d8:c4:72:65:d8:15:85:27:64:96:6c:
>                     6a:24:6e:5a:42:1c:c4:c6:4a:14:c9:f5:9f:4b:45:
>                     0e:82:9f:ad:75:b6:8a:72:62:91:e9:1c:3d:04:5b:
>                     a9:49:ee:d6:7b:80:41:bb:04:e5:dc:51:5a:6b:c6:
>                     82:e7:ad:2d:df:88:c3:f1:01:ea:c0:dc:ad:29:87:
>                     78:64:fa:0b:ac:3f:fa:f4:3e:8b:02:98:c3:4c:d3:
>                     9f:e7:79:6a:ca:8a:85:0a:4b:78:5a:b2:89:a9:d2:
>                     03:d2:5c:38:23:88:43:b2:aa:d5:62:69:e1:95:cf:
>                     11:5a:83:56:6c:69:ee:5d:87:2a:eb:b3:ae:04:ed:
>                     05:bc:1d:97:94:30:2e:05:3b:0a:7a:ac:a8:11:c8:
>                     fc:3b:55:17:9c:30:2e:60:72:db:06:f7:b3:f1:ef:
>                     6d:aa:33:8f:4b:27:4c:96:aa:d8:f6:3d:52:c8:ee:
>                     cf:48:13:e3:15:a1:ed:8a:69:d3:68:9b:fe:fd:e3:
>                     f7:3b:3e:b1:06:02:c8:43:45:d3:85:03:ae:d7:6c:
>                     cd:3b:d2:49:7d:a4:d8:52:7e:e5:8c:18:49:84:65:
>                     a0:a6:13:97:6f:b2:77:c5:05:bd:79:97:19:4a:8e:
>                     4e:01:f2:11:31:e3:a0:83:4d:3a:b7:78:01:9f:55:
>                     24:4f:bd:5f:81:d3:83:7f:f0:17:b0:e0:da:13:12:
>                     29:21:d0:53:e5:aa:3e:a9:de:73:f8:59:41:98:44:
>                     45:1c:6e:a6:ec:e5:bf:34:58:00:fe:ce:de:76:88:
>                     89:65:1f:5f:7c:ea:5e:e4:54:2c:92:d1:b9:a6:41:
>                     54:6e:83:6c:ae:44:ff:dd:0d:0e:b8:a5:5c:5d:98:
>                     17:c3:6d:19:9a:9d:95:13:13:92:7f:26:c8:ca:6b:
>                     3e:9a:6f:8d:d8:8e:49:d9:f8:41:a0:bb:ca:f1:ab:
>                     7f:45:bb
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier: 
>                 89:8C:D1:79:FC:90:92:E4:FD:E7:60:54:D4:47:23:DA:DD:71:25:66
>             X509v3 Authority Key Identifier: 
> 
>                keyid:89:8C:D1:79:FC:90:92:E4:FD:E7:60:54:D4:47:23:DA:DD:71:25:66
> 
>             X509v3 Basic Constraints: 
>                 CA:TRUE
>     Signature Algorithm: sha256WithRSAEncryption
>          0e:9d:f2:7e:7a:77:86:08:3c:8f:71:c4:2b:c0:ce:ae:e8:61:
>          3c:5f:a6:23:94:14:0f:90:a8:b3:0d:b7:e5:4e:0a:8a:25:85:
>          2e:5d:a1:91:fa:4c:9e:40:9d:9a:18:f5:e6:8e:5e:36:fc:2d:
>          6c:76:4e:e9:43:40:5c:e2:24:38:02:df:2a:ee:9d:2f:c5:82:
>          64:fe:21:87:a0:91:99:5f:3e:1a:29:60:19:bd:f5:0e:fe:d9:
>          27:ed:05:ab:4c:41:8f:0c:9f:c1:2f:8d:cd:93:3a:e9:d3:c3:
>          42:c9:96:72:04:66:62:36:3b:6f:47:66:c8:32:19:ab:82:1a:
>          5e:d8:69:19:49:dd:e8:a3:90:6e:e1:a1:e7:aa:a1:de:38:ef:
>          34:19:a9:eb:de:e4:aa:ca:1d:e0:b6:14:94:91:c8:32:c0:23:
>          65:34:68:c0:0a:bc:bf:bc:ca:b1:29:5a:64:2c:03:a1:8c:da:
>          c1:d6:6e:95:cf:86:1c:19:e5:30:c1:15:b6:43:db:69:20:95:
>          1e:c2:66:fa:89:d0:56:4f:53:2b:54:a1:0d:63:65:45:66:dd:
>          ba:07:bd:4d:21:c4:a7:cf:f1:b1:08:45:f4:c9:13:6b:b6:89:
>          c6:9e:cf:2b:a6:5c:4b:9e:cb:17:83:1d:86:5f:0a:be:84:ab:
>          15:2e:58:e9:83:80:ca:41:42:6a:51:16:a8:e5:cc:fb:13:2a:
>          08:2c:dc:13:64:c2:8c:ea:9d:62:a2:1e:b7:9d:ff:73:4f:56:
>          2b:d8:c3:90:a8:35:fd:b6:43:bb:42:69:14:fe:db:5b:6b:2f:
>          f6:4d:29:ef:8e:83:90:fa:1d:45:ea:59:3a:f5:b9:db:b1:18:
>          19:3c:1b:f8:bd:50:3a:62:fb:36:49:fa:94:b7:be:97:f8:08:
>          00:43:b6:f2:ae:fa:e9:8c:61:3f:0a:82:12:1f:b1:6d:a0:92:
>          91:9e:a2:8a:fb:b4:7d:3c:70:67:1d:a0:e7:42:bb:5a:b7:4b:
>          68:16:aa:87:d0:d4:02:55:f8:e9:d6:33:36:68:5a:c4:df:07:
>          dd:d3:42:0e:00:b1:e6:21:65:ed:84:df:b5:d8:c0:de:dd:e7:
>          94:07:8e:67:57:40:04:ca:37:2f:92:7d:46:47:de:51:ce:f4:
>          c1:17:04:f0:57:bb:b2:29:75:6d:5c:6e:a5:00:81:cd:83:07:
>          0b:cd:ea:e4:9a:f9:24:7d:6b:4d:dd:8a:d9:14:a5:ee:b9:65:
>          fd:3a:61:fa:05:57:14:45:af:c5:e4:8b:c1:f7:72:16:c3:6f:
>          db:08:75:c8:9e:e8:7d:16:66:08:e3:70:3c:9f:f8:9d:74:a8:
>          70:1a:fa:1a:ff:75:a7:4c
> 
> Should that not have been the custom certificate?

No, we do not use the custom certificate for spice ...



More information about the pve-devel mailing list