[ovirt-users] Re: websockify + ovirt

2021-03-24 Thread Pascal D 
finally got it. I needed to force --ssl-version=tls1.2  I will write a summary 
of my findings fot anyone interested. 
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/2QV6JYHD6KLKEGQ6KKC6WGFGYICGQOPH/

[ovirt-users] Re: websockify + ovirt

2021-03-24 Thread Pascal D 
I think part of my misunderstanding is that ovirt-websocket-proxy does a few 
things behind the scene as it is not the source of the initial connection to 
ovirt.

I am going another route. My proxy are servers which get the console.vv file 
from ovirt when they are alerted someone wants to make a webview to a 
particular Vm. at that point it requests the console.vv file from ovirt using 
rest api and then create the websockify process with a random port which they 
send back to the requesting app via another secure channel. The receiving app 
then launches a browser tab connecting the web-spice-client to the address of 
the webproxy and the port.

the http connection is encrypted using a letsencrypt certificate and that is 
working fine. The part I am having difficulties is the connection part between 
the web proxy and the ovirt host. Ovirt expect it to be encapsulated in TLS/1.2 
if I am not mistaken, but can't figure out how to make websockify to use the 
cafile, ssl-cyphers and the host-subject to do so. I am missing a part which I 
think should be simple for someone understanding ssl better than I do

Thanks
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/FHLRE7GU2GVUX3DEJHB2QGCZB7JMXRVO/

[ovirt-users] Re: websockify + ovirt

2021-03-23 Thread Pascal D 
Michal,

Could you explain in details this part of your email?

> We modified the client to sign the request for proxy that is verified by the 
> (also
> modified) proxy. There are small changes but they would need to be done for 
> any other
> client you’re trying to use (and for the proxy if you’d want to use a 
> non-ovirt
> websockify)

Where can i find this information? Right now, using the stock websockify and 
using my version of flexVDI (which works BTW perfectly with libvirt qxl 
protected by password) and a valid SSL certificates between browser and proxy, 
I am getting this error when trying to connect to ovirt:

```
+ exec python3 -m websockify 5959 --verbose --record /tmp/websockify.log 
--cert=/etc/letsencrypt/live/ws1..net/cert.pem 
--key=/etc/letsencrypt/live/ws1.xxx.net/privkey.pem --ssl-target --ssl-only 
--verify-client --cafile=/tmp/cafile-143249.crt '--ssl-ciphers=HIGH:!aNULL' 
xx.xxx.xxx.xxx:5915

WebSocket server settings:
  - Listen on :5959
  - SSL/TLS support
  - Deny non-SSL/TLS connections
  - Recording to '/tmp/websockify.log.*'
  - proxying from :5959 to xx.xxx.xxx.xxx:5915 (using SSL)
70.182.176.222: new handler Process
handler exception: [Errno 0] Error
exception
Traceback (most recent call last):
  File "/var/www/websockify/websockify/websockifyserver.py", line 662, in 
top_new_client
client = self.do_handshake(startsock, address)
  File "/var/www/websockify/websockify/websockifyserver.py", line 565, in 
do_handshake
retsock = context.wrap_socket(
  File "/usr/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
  File "/usr/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
  File "/usr/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
OSError: [Errno 0] Error

```

so it seems my main problem is SSL between the webproxy and ovirt. I am just 
not sure how to debug this.  Is the connection between the proxy and the host 
encrypted? If yes, what role does the cafile received in the console.vv plays 
and what about the host-subject.  this is the part I am missing
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7TKD27A4TWK26PFVDQV27QQMKA55YWX/

[ovirt-users] Re: websockify + ovirt

2021-03-23 Thread Pascal D 
Michal,

Thank you for your response. I know I am all over the place as I am trying to 
figure what works and what doesn't. What I know so far is this. 
spice-web-client from eyeos  https://github.com/eyeos/spice-web-client and the 
forked version from flex-vdi https://github.com/flexVDI/spice-web-client work 
great with an unmodified websockify proxy and a spice enabled libvirt VM. I 
have tested it, and the only few things missing are USB support, multi-monitors 
and file xfer. But the performance are great and can play sound and videos. All 
in all those guys did an amazing work. So I am trying to take it further and 
have it working with ovirt.

My first step was to try to understand how remote-viewer was connecting to 
ovirt. I was able to find out that out of the console.vv file only host, port, 
password, tls-port and host-subject and ca. I then tried to understand where in 
remote-viewer the authentication happened and in what form. So far I have track 
it down to spice-gtk. I am still looking there.

I also tried to understand how ovirt websockify version was working but not 
knowing for sure that it is indeed working make it challenging. Again I don't 
quite understand the steps it does to start the proxying. It seems to me that 
it trap the authentication and do its own but since I don't have a client 
working I can't really tell. the websockify guys say the authentication should 
happen on the client but when I look at the websocket-proxy code from ovirt it 
seems it is happening on the proxy.

So what am I looking for is an example of a client (in whatever language) that 
authenticate against ovirt so that I can test it and adapt it to 
spice-web-client.  Any help would be appreciated.

Here are some questions I have:

why is there a port and a tls-port? what the purpose of port? When I filter it 
out of console.vv, remote-viewer is still able to work with ovirt.
What's the purpose of host-subject? How is it used? How is it sent to ovirt.  
Same for password?  What the protocol there?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/D32MRAANPFOWH5LBRGTB7RHVPH746LRQ/

[ovirt-users] Re: websockify + ovirt

2021-03-23 Thread Michal Skrivanek 


> On 19. 3. 2021, at 20:26, Pascal DeMilly  wrote:
> 
> I will. I wish there was more documentation on how all of this works. My 
> current test sniffing the network show that actually the traffic is not on 
> the port as defined in the console file but on the tls-port of that file.  so 
> I am a little confused how all of this works. And since everything is  SSLed 
> it is quite difficult to know what is happening

Hi,
I don’t entirely follow your steps, but let me try to describe the ovirt 
specific implementation. spice-html5 used to work, but we removed it couple 
releases back since it’s not performing well and it’s not maintained much. It 
worked the same way as novnc.

We need to secure the communication between the client and the proxy(which is 
done by wss) and also make sure that only authorized targets are being proxied, 
and not any random request.
In oVirt we add one more layer to the stock novnc-websockify communication.  It 
could be that websockify added these options later on but when we integrated 
these consoles it had nothing.
We modified the client to sign the request for proxy that is verified by the 
(also modified) proxy. There are small changes but they would need to be done 
for any other client you’re trying to use (and for the proxy if you’d want to 
use a non-ovirt websockify)

HTH.
michal

> 
> On Fri, Mar 19, 2021 at 11:28 AM Vincent Royer  > wrote:
> Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I was 
> never able to make it work except with direct libvirt over spice.
> 
> I could never get the html5 implementation working.  If you get this new 
> spice-web-client working, please post your config to the list!
> 
>  
> ___
> Users mailing list -- users@ovirt.org 
> To unsubscribe send an email to users-le...@ovirt.org 
> 
> Privacy Statement: https://www.ovirt.org/privacy-policy.html 
> 
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/ 
> 
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI2J3AWUDCTRCTYYHXGZ/
>  
> 
> ___
> Users mailing list -- users@ovirt.org 
> To unsubscribe send an email to users-le...@ovirt.org 
> 
> Privacy Statement: https://www.ovirt.org/privacy-policy.html 
> 
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/ 
> 
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRAXQQJCS6MWPP3POBPMY/
>  
> 
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/6XTZH5LS63MEL6LO4PY3UGQAWKT24SCW/

___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/XFUOLQ3HMXR4RHHDTQWEBMFJULXSQAU5/

[ovirt-users] Re: websockify + ovirt

2021-03-22 Thread Pascal D 
Has someone able to get spice-html5 or any other web client working with ovirt? 
I am using 4.3 and trying to get it working but so far no luck?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/JPL5YFVBFZADKDAARLO337TZPKV64355/

[ovirt-users] Re: websockify + ovirt

2021-03-19 Thread Pascal D 
This is currently what I got: CONSOLE is the path to the console.vv file just 
downloaded. I have tested that logic with remote-viewer. So I know this is 
working at least. Now my goal is to get spice-web-client to work as well. 
However I am not understanding yet everything about the expectation of ovirt in 
regards to certificates, and authentication. Any insight is welcome

awk 'NR == 19 ' $CONSOLE | sed 's/ca=//;s/\\n/\n/g' >$CAFILE

port=$(grep '^tls-port=' $CONSOLE | cut -f2 -d=)
host=$(head -10 $CONSOLE | grep '^host=' | cut -f2 -d=)
user=$(grep '^host-subject=' $CONSOLE | cut -f2- -d=)
password=$(grep '^password=' $CONSOLE | cut -f2- -d=)

/var/www/websockify/run 5959 --cert=/etc/letsencrypt/live/xxx..net/cert.pem 
--key=/etc/letsencrypt/live/xxx..net/privkey.pem --ssl-only --verify-client 
--record /tmp/websockify.log --cafile=${CAFILE} --auth-plugin=ClientCertCNAuth 
--auth-source="${user} ${password}"  ${host}:${port}
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/EN4GY2Q5PVLNC6NBBXGFB47AMRHDEQRW/

[ovirt-users] Re: websockify + ovirt

2021-03-19 Thread Pascal DeMilly 
I will. I wish there was more documentation on how all of this works. My
current test sniffing the network show that actually the traffic is not on
the port as defined in the console file but on the tls-port of that file.
so I am a little confused how all of this works. And since everything is
SSLed it is quite difficult to know what is happening

On Fri, Mar 19, 2021 at 11:28 AM Vincent Royer 
wrote:

> Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I
>> was never able to make it work except with direct libvirt over spice.
>>
>
> I could never get the html5 implementation working.  If you get this new
> spice-web-client working, please post your config to the list!
>
>
>
>> ___
>> Users mailing list -- users@ovirt.org
>> To unsubscribe send an email to users-le...@ovirt.org
>> Privacy Statement: https://www.ovirt.org/privacy-policy.html
>> oVirt Code of Conduct:
>> https://www.ovirt.org/community/about/community-guidelines/
>> List Archives:
>> https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI2J3AWUDCTRCTYYHXGZ/
>>
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRAXQQJCS6MWPP3POBPMY/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/6XTZH5LS63MEL6LO4PY3UGQAWKT24SCW/

[ovirt-users] Re: websockify + ovirt

2021-03-19 Thread Vincent Royer 
>
> Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I
> was never able to make it work except with direct libvirt over spice.
>

I could never get the html5 implementation working.  If you get this new
spice-web-client working, please post your config to the list!



> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI2J3AWUDCTRCTYYHXGZ/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/PJIOIEM5XXYZRAXQQJCS6MWPP3POBPMY/

[ovirt-users] Re: websockify + ovirt

2021-03-19 Thread Pascal D 
Thanks for your response. From it I deduct that the authentication must happen 
from the client not the proxy. 

however I am not finding any code in spice-html5 which would confirm this. So 
my thinking is that the authentication must happen on the websockify side. From 
the websockify docs I can  see some parameters that could help but wonder how 
to use them with ovirt.

--cafile=FILE file of concatenated certificates of authorities
trusted for validating clients (only effective with
--verify-client). If omitted, system default list of
CAs is used.
--auth-plugin=CLASS   use a Python class, usually one from
websockify.auth_plugins, such as BasicHTTPAuth, to
determine if a connection is allowed
  --auth-source=ARG an argument to be passed to the auth plugin on
instantiation

Obviously I am assuming spice-html5 works with ovirt. Maybe it doesn't. I was 
never able to make it work except with direct libvirt over spice.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/W3TBF4XPURKRVI2J3AWUDCTRCTYYHXGZ/

[ovirt-users] Re: websockify + ovirt

2021-03-19 Thread Pascal DeMilly 
AGPL spice-web-client is a spice html5 library from eyeos with another fork
from flexvdi. I have tested them with libvirt (no
encryption/authentication) and they really work great. I want to use them
with Ovirt since spice-html5 is under-performant. However with ovirt I have
to deal with authentication and ssl encryption. Since the OVirt certificate
is self signed I cannot really ask users to import it (anyway that didn't
work when I tried as it is missing the root certificate from the download
link on the OVirt web admin console).

So far I am able to get a proxy setup using websockify and provide my own
certificate and proxy it back to libvirt. I identified from the console.vv
file the minimum fields remote-viewer needs to make a secure connection to
OVirt. Now I need my websockyproxy to do the same

Any help on getting this working will be appreciated. I haven't found any
documentation on how this is working. I am ready to read remote-viewer code
to try to figure out though

Thanks

On Fri, Mar 19, 2021 at 8:22 AM Michal Skrivanek <
michal.skriva...@redhat.com> wrote:

> Hi,
>
> > On 19. 3. 2021, at 3:56, Pascal D  wrote:
> >
> > Hi,
> >
> > I am trying to get the spice-web-client working with ovirt.
>
> what is spice-web-client?
>
> > One area where I am having difficulties is authentication.Looking at
> remote-viewer on linux I am able to see that the minimum fields to have a
> successful spice connection are the following:
> >
> > [virt-viewer]
> > type=spice
> > host=70.xxx.176.xxx
> > port=5914
> > password=WQJQWCo+s8tK
> > tls-port=5915
> > tls-ciphers=DEFAULT
> > host-subject=O=.com,CN=d1c1v5.xxx.net
> > ca=-BEGIN
> CERTIFICATE-\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA
> >
> QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-END
> CERTIFICATE-\n
> >
> >
> > with this I can successfully connect to a vm. Now I would like to do the
> same from spice-web-client but websockify doesn't give me a tls-port.
>
> a tls-port for what? the one in .vv file is the qemu/spice-server tls port
>
> > How to could I implement this? Is there a wrapper that exists that I can
> pass to websockify to do the authentication on the port + 1 (it seems it is
> always the next port)
>
> the authentication in .vv file is for the SPICE protocol. it’s for the
> “spice-web-client” to implement that.
>
> Thanks,
> michal
>
> >
> > Thanks in advance for your help
> > ___
> > Users mailing list -- users@ovirt.org
> > To unsubscribe send an email to users-le...@ovirt.org
> > Privacy Statement: https://www.ovirt.org/privacy-policy.html
> > oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> > List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVMAX3GQSZCAYDUZI4HH7/
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct:
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives:
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPZ5CFLOXUFBKOAVBTLBRBMI5MOX3V75/
>
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MP7GHQBCLIASG6EL7IULEXROOLYWMI4X/

[ovirt-users] Re: websockify + ovirt

2021-03-19 Thread Michal Skrivanek 
Hi,

> On 19. 3. 2021, at 3:56, Pascal D  wrote:
> 
> Hi,
> 
> I am trying to get the spice-web-client working with ovirt.

what is spice-web-client?

> One area where I am having difficulties is authentication.Looking at 
> remote-viewer on linux I am able to see that the minimum fields to have a 
> successful spice connection are the following:
> 
> [virt-viewer]
> type=spice
> host=70.xxx.176.xxx
> port=5914
> password=WQJQWCo+s8tK
> tls-port=5915
> tls-ciphers=DEFAULT
> host-subject=O=.com,CN=d1c1v5.xxx.net
> ca=-BEGIN 
> CERTIFICATE-\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA
> QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-END
>  CERTIFICATE-\n
> 
> 
> with this I can successfully connect to a vm. Now I would like to do the same 
> from spice-web-client but websockify doesn't give me a tls-port.  

a tls-port for what? the one in .vv file is the qemu/spice-server tls port

> How to could I implement this? Is there a wrapper that exists that I can pass 
> to websockify to do the authentication on the port + 1 (it seems it is always 
> the next port)

the authentication in .vv file is for the SPICE protocol. it’s for the 
“spice-web-client” to implement that.

Thanks,
michal

> 
> Thanks in advance for your help
> ___
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: 
> https://www.ovirt.org/community/about/community-guidelines/
> List Archives: 
> https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVMAX3GQSZCAYDUZI4HH7/
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPZ5CFLOXUFBKOAVBTLBRBMI5MOX3V75/