Il giorno mar 15 dic 2020 alle ore 11:45 Armin Ranjbar <z...@zoup.org> ha scritto: > > Dear Everyone, > > As always, let me thank you first for the effort you put in Spice. > > I have a strange case here, libvirt is configured with letsencrypt > certificates, remote-viewer works happily on Linux, but it doesn't seem to be > able to get local issuer certificate on windows. > same error even when I try to give the address of CA file via > --spice-ca-file, attaching logs with spice-debug here: > > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.293: > ../src/spice-session.c:292 Supported channels: main, display, inputs, cursor, > playback, record, usbredir > (remote-viewer.exe:3584): Spice-DEBUG: 15:13:17.293: > ../src/usb-device-manager.c:259:spice_usb_device_manager_init: UsbDk driver > is not installed > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.293: > ../src/usb-device-manager.c:485 auto-connect filter set to > 0x03,-1,-1,-1,0|-1,-1,-1,-1,1 > > (remote-viewer.exe:3584): GSpice-CRITICAL **: 15:13:17.293: > _usbdk_hider_update: assertion 'priv->usbdk_api != NULL' failed > > (remote-viewer.exe:3584): GSpice-WARNING **: 15:13:17.962: password may be > visible in process listings > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.965: > ../src/spice-session.c:1814 no migration in progress > Spice-INFO: 15:13:17.965: ../src/channel-main.c:337:spice_main_set_property: > SpiceMainChannel::color-depth has been deprecated. Property is ignored > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.965: > ../src/spice-channel.c:141 main-1:0: spice_channel_constructed > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.965: > ../src/spice-session.c:2309 main-1:0: new main channel, switching > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: > ../src/spice-channel.c:2707 main-1:0: Open coroutine starting 000000000462E480 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: > ../src/spice-channel.c:2544 main-1:0: Started background coroutine > 000000000462E338 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: > ../src/spice-session.c:2231 Missing port value, not attempting unencrypted > connection. > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: > ../src/spice-channel.c:2570 main-1:0: trying with TLS port > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.694: > ../src/spice-session.c:2244 main-1:0: Using TLS, port 5901 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.694: > ../src/spice-session.c:2177 open host DOMAIN_REPLACED:5901 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.694: > ../src/spice-session.c:2099 main-1:0: connecting 00000000071DFDD0... > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.757: > ../src/spice-session.c:2083 main-1:0: connect ready > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.757: > ../src/spice-channel.c:2466 main-1:0: Load CA, file: C:\ca-cert.pem, data: > 0000000000000000 >
This "data: 0000000000000000" refers to a specific CA loaded, the function should load certificates from the file afterward. If the load would fail there should be a warning like "loading ca certs from C:\ca-cert.pem failed" but it's not present. Also if the load fails there should be another "loading ca certs from default location failed" warning. > (remote-viewer.exe:3584): Spice-WARNING **: 15:13:18.819: > ../subprojects/spice-common/common/ssl_verify.c:444:openssl_verify: Error in > certificate chain verification: unable to get issuer certificate > (num=2:depth1:/C=US/O=Let's Encrypt/CN=R3) > Sure the C:\ca-file.pem contains the CA certificate for Let's Encrypt ? Frediano _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/spice-devel
