[libvirt] Libvirt 0.9.4rc2 + qemu 0.15 VNC/TLS not working
Radek Hladik
radek at eadresa.cz
Wed Aug 24 22:12:44 UTC 2011
Dne 24.8.2011 13:55, Daniel P. Berrange napsal(a):
> On Tue, Aug 23, 2011 at 08:50:35PM +0200, Radek Hladik wrote:
>> Dne 23.8.2011 14:36, Radek Hladik napsal(a):
>>> I am thinking whether there is not a problem with monitor setting
>>> something after the machine starts. Libvirt does the same with password,
>>> so maybe it does something with TLS
>>
>> I tried to remove the VNC password from guest XML and TLS is
>> working. So actually now the situation is like this:
>>
>> * guest with password+qemu configured to use TLS = no TLS (VNC AUTH TYPE=2)
>>
>> * guest without password+qemu configured to use TLS = working TLS
>> (VNC AUTH TYPE=19)
>>
>> I hope it will help to make my issue more clear. I am really
>> suspecting that the password setup somehow removes the TLS option
>> from VNC.
>
> Yes, QEMU applied a broken fix for CVE-2011-0011 which means whenever
> you set a password, they reset auth type to 'VNC' (type=2).
>
> http://lists.nongnu.org/archive/html/qemu-devel/2011-08/msg02795.html
>
>
> Regards,
> Daniel
Thanks for your answer.
I tried to comment out
vs->auth = VNC_AUTH_VNC;
inspired by your patch (the whole patch did not work with my version of
qemu ) and it fixed the issue. I will check how the situation will
evolve, whether qemu developers will fix it or not.
Radek
More information about the libvir-list
mailing list