[libvirt] libvirt tls vnc

Radek Hladik radek at eadresa.cz
Thu Feb 26 20:24:00 UTC 2009


Michael Kress wrote:
> Radek Hladik wrote:
>> Michael Kress wrote:
>>> 2009.02.26 19:09:44 LOG7[14644:3086588128]: Certificate:
>>> /home/kress/keys/client-cert.pem
>>> 2009.02.26 19:09:44 LOG7[14644:3086588128]: Certificate loaded
>>> 2009.02.26 19:09:44 LOG7[14644:3086588128]: Key file:
>>> /home/kress/keys/client-cert.pem
>>> 2009.02.26 19:09:44 LOG3[14644:3086588128]: error stack: 140B3009 :
>>> error:140B3009:SSL routines:SSL_CTX_use_RSAPrivateKey_file:PEM lib
>>> 2009.02.26 19:09:44 LOG3[14644:3086588128]:
>>> SSL_CTX_use_RSAPrivateKey_file: 906D06C: error:0906D06C:PEM
>>> routines:PEM_read_bio:no start line
>>> vncviewer: VNC server closed connection
>> Is the private key stored in client-cert.pem with the certificate
>> itself? I've noticed you generate client-key.pem but I am not sure
>> whether you combine these two files somewhere. The lines from the log
>> state that the private key cannot be found in
>> /home/kress/keys/client-cert.pem
> 
> These are the contents (will change them anyways, so I can post them):
> client-cert.pem
> =================================
> -----BEGIN CERTIFICATE-----
> MIIDXzCCAkmgAwIBAgIESabNHzALBgkqhkiG9w0BAQUwEzERMA8GA1UEAxMIbXlz
> ZXJ2ZXIwHhcNMDkwMjI2MTcxMDU1WhcNMTAwMjI2MTcxMDU1WjBfMQswCQYDVQQG
> HhYM
> -----END CERTIFICATE-----
> =================================
> client-key.pem
> =================================
> -----BEGIN RSA PRIVATE KEY-----
> MIIEowIBAAKCAQEAmsA6M2uyhUrOsrAKnUY4ekE0wZJI+FRLw9X4CQflZtOGFZ8Z
> W5M73CNFLzul7f8q97AI+jceoWHsz/oZq9q9n491uVTJGFwLCVQdxRzDRn5vV1by
> sEhA6c+VBIFyj9q8zesdevEvR3qpS4lY/0A52X6EQbuEjQTgjnD6c4gd/dSl8pTK
> -----END RSA PRIVATE KEY-----

Stunnel cannot find the private key. It tries to locate it in
client-cert.pem (I do not know why). Either change this in the configuration
or append client-key.pem to client-cert.pem. The PEM file can contain
both the certificate and the private key, and stunnel will handle it.

Radek
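
Added example, not part of the original thread: stunnel takes the private key from the file given in its `cert` option when no separate `key` option is set, which matches the "Key file" line in the log above. The shell sketch below checks which PEM blocks a file holds and builds the combined file the reply describes; the function names are hypothetical and the sample PEM bodies are constructed dummy text.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# pem_blocks FILE: print the label of every PEM block in FILE, one per line.
# CRs are stripped so files saved with Windows line endings still parse.
pem_blocks() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# has_block FILE REGEX: succeed if some block label in FILE matches REGEX.
has_block() {
    pem_blocks "$1" | grep -Eq "$2"
}

# usable_as_key FILE: a file with no "... PRIVATE KEY" block is what produces
# "PEM_read_bio:no start line" when it is loaded as the key file.
usable_as_key() {
    has_block "$1" 'PRIVATE KEY$'
}

# combine_pem CERT KEY OUT: append KEY to CERT as the reply suggests. OUT is
# created with mode 0600 because it now contains the private key; the echo
# keeps the two blocks apart if CERT lacks a trailing newline.
combine_pem() {
    has_block "$1" '^CERTIFICATE$' || { echo "no certificate in $1" >&2; return 1; }
    usable_as_key "$2" || { echo "no private key in $2" >&2; return 1; }
    ( umask 077 && { cat "$1"; echo; cat "$2"; } > "$3" )
}

# make_sample DIR: constructed stand-ins for the two files in the thread
# (the base64 bodies are dummy text, not real key material).
make_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/client-cert.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/client-key.pem"
}

d=$(mktemp -d)
make_sample "$d"
for f in client-cert.pem client-key.pem; do
    usable_as_key "$d/$f" && echo "$f: has private key" || echo "$f: no private key"
done
combine_pem "$d/client-cert.pem" "$d/client-key.pem" "$d/client.pem" &&
    usable_as_key "$d/client.pem" && echo "client.pem: certificate + key"
rm -rf "$d"
```

The other fix from the reply, changing the configuration, means leaving the files separate and pointing stunnel's `key` option at client-key.pem.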



