Il giorno mar 15 dic 2020 alle ore 11:45 Armin Ranjbar <zoup@xxxxxxxx> ha scritto: > > Dear Everyone, > > As always, let me thank you first for the effort you put in Spice. > > I have a strange case here, libvirt is configured with letsencrypt certificates, remote-viewer works happily on Linux, but it doesn't seem to be able to get local issuer certificate on windows. > same error even when I try to give the address of CA file via --spice-ca-file, attaching logs with spice-debug here: > > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.293: ../src/spice-session.c:292 Supported channels: main, display, inputs, cursor, playback, record, usbredir > (remote-viewer.exe:3584): Spice-DEBUG: 15:13:17.293: ../src/usb-device-manager.c:259:spice_usb_device_manager_init: UsbDk driver is not installed > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.293: ../src/usb-device-manager.c:485 auto-connect filter set to 0x03,-1,-1,-1,0|-1,-1,-1,-1,1 > > (remote-viewer.exe:3584): GSpice-CRITICAL **: 15:13:17.293: _usbdk_hider_update: assertion 'priv->usbdk_api != NULL' failed > > (remote-viewer.exe:3584): GSpice-WARNING **: 15:13:17.962: password may be visible in process listings > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.965: ../src/spice-session.c:1814 no migration in progress > Spice-INFO: 15:13:17.965: ../src/channel-main.c:337:spice_main_set_property: SpiceMainChannel::color-depth has been deprecated. Property is ignored > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.965: ../src/spice-channel.c:141 main-1:0: spice_channel_constructed > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:17.965: ../src/spice-session.c:2309 main-1:0: new main channel, switching > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: ../src/spice-channel.c:2707 main-1:0: Open coroutine starting 000000000462E480 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: ../src/spice-channel.c:2544 main-1:0: Started background coroutine 000000000462E338 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: ../src/spice-session.c:2231 Missing port value, not attempting unencrypted connection. > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.680: ../src/spice-channel.c:2570 main-1:0: trying with TLS port > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.694: ../src/spice-session.c:2244 main-1:0: Using TLS, port 5901 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.694: ../src/spice-session.c:2177 open host DOMAIN_REPLACED:5901 > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.694: ../src/spice-session.c:2099 main-1:0: connecting 00000000071DFDD0... > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.757: ../src/spice-session.c:2083 main-1:0: connect ready > (remote-viewer.exe:3584): GSpice-DEBUG: 15:13:18.757: ../src/spice-channel.c:2466 main-1:0: Load CA, file: C:\ca-cert.pem, data: 0000000000000000 > This "data: 0000000000000000" refers to a specific CA loaded, the function should load certificates from the file afterward. If the load would fail there should be a warning like "loading ca certs from C:\ca-cert.pem failed" but it's not present. Also if the load fails there should be another "loading ca certs from default location failed" warning. > (remote-viewer.exe:3584): Spice-WARNING **: 15:13:18.819: ../subprojects/spice-common/common/ssl_verify.c:444:openssl_verify: Error in certificate chain verification: unable to get issuer certificate (num=2:depth1:/C=US/O=Let's Encrypt/CN=R3) > Sure the C:\ca-file.pem contains the CA certificate for Let's Encrypt ? Frediano _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel