[libvirt-users] problem when use tls to connect libvirt

Yalan Zhang yalzhang at redhat.com
Wed Dec 6 13:44:47 UTC 2017


Hi guys,

I met a problem when I use tls to connect libvirt.
When I set the CN in client.info, server.info as hostname (FQDN), the tls
check will fail with ip; and vice versa, when I set CN as ip address, the tls
check will fail with hostname. Only using what we set can succeed. Is this
expected, or was there some issue in my env or setup steps?


1. set tls env with hostname, then it will fail to check with ip

# virsh -c qemu+tls://192.168.122.4/system
2017-12-06 13:24:52.346+0000: 3954: info : libvirt version: x.x.x, package: 4.el7 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2017-11-30-07:57:27, x.x.x.redhat.com)
2017-12-06 13:24:52.346+0000: 3954: info : hostname: work.englab.cn
2017-12-06 13:24:52.346+0000: 3954: warning : virNetTLSContextCheckCertificate:1125 : Certificate check failed Certificate [session] owner does not match the hostname 192.168.122.4
error: failed to connect to the hypervisor
error: authentication failed: Failed to verify peer's certificate

2. using the hostname that we set can succeed.

# virsh -c qemu+tls://test.englab.cn/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh #


# ping test.englab.cn
PING test.englab.cn (192.168.122.4) 56(84) bytes of data.
64 bytes from test.englab.cn (192.168.122.4): icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from test.englab.cn (192.168.122.4): icmp_seq=2 ttl=64 time=0.204 ms
...



-------
Best Regards,
Yalan Zhang
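
Added example, not part of the original post and not libvirt or GnuTLS code: a simplified Python model of how a TLS client compares the name in the connection URI with a certificate's CN and subjectAltName entries, showing why a CN-only certificate accepts just one of the two forms. The function names, the dict layout and the matching rules are assumptions for illustration; the host name and address are the ones from the post.

```python
import ipaddress

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    # Case-insensitive; "*" is honoured only as the entire left-most label.
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def cert_matches(cert, target):
    """cert is a constructed model: {'cn': str, 'san_dns': [...], 'san_ip': [...]}."""
    san_dns = cert.get("san_dns", [])
    if is_ip(target):
        want = ipaddress.ip_address(target)
        if any(ipaddress.ip_address(ip) == want for ip in cert.get("san_ip", [])):
            return True
        # No iPAddress entry matched: fall through to a textual comparison,
        # which is why a certificate with CN set to the IP still verifies.
    if san_dns:
        # When dNSName entries exist they take precedence over the CN.
        return any(dns_match(d, target) for d in san_dns)
    return dns_match(cert["cn"], target)

HOST, ADDR = "test.englab.cn", "192.168.122.4"   # values from the post
CN_HOST = {"cn": HOST}                            # CN only, set to the FQDN
CN_ADDR = {"cn": ADDR}                            # CN only, set to the IP
BOTH = {"cn": HOST, "san_dns": [HOST], "san_ip": [ADDR]}  # constructed

def matrix():
    certs = {"cn=host": CN_HOST, "cn=ip": CN_ADDR, "cn+san": BOTH}
    return {(label, t): cert_matches(c, t)
            for label, c in certs.items() for t in (HOST, ADDR)}

if __name__ == "__main__":
    for (label, target), ok in matrix().items():
        print(f"{label:8} qemu+tls://{target}/system -> {'ok' if ok else 'FAIL'}")
```

In a certtool template such as server.info, the `dns_name` and `ip_address` fields add the subjectAltName entries modelled by `BOTH`.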