>>I guess we need to subscript to the spice developer list and try to fix that >>upstream? Already done ;) I have send them a mail for ca= value.
I'll try to see if we can fix it by hacking the spicelib. (server side). I think that the server send new values to the client, so maybe it's possible to send password and ca. I will try that today. ----- Mail original ----- De: "Dietmar Maurer" <[email protected]> À: "Alexandre Derumier" <[email protected]>, [email protected] Envoyé: Lundi 22 Juillet 2013 07:55:27 Objet: RE: [pve-devel] qemu-server : spice seamless migration > - Fixme: > > 1)remote-viewer will resend same password to the targetvm, so we need to > set the last spice password when we start the target vm. > Is it safe to store on hosts the last spice password used ? No, I do not want to add such dirty hacks. Solution: fix remote-viewer > 2)with tls, ca= option seem to not be keep by the client. > workaround : cp pve-root-ca.pem to client .spicec/spice_truststore.pem. > Solution: fix remote-viewer > Maybe is is possible to send to the client the ca, and a new password ticket > > in spicelib, server/reds.c > > /* returns FALSE if info is invalid */ > static int reds_set_migration_dest_info(const char* dest, > int port, int secure_port, > const char* cert_subject) { > RedsMigSpice *spice_migration = NULL; > > reds_mig_release(); > if ((port == -1 && secure_port == -1) || !dest) { > return FALSE; > } > > spice_migration = spice_new0(RedsMigSpice, 1); > spice_migration->port = port; > spice_migration->sport = secure_port; > spice_migration->host = spice_strdup(dest); > if (cert_subject) { > spice_migration->cert_subject = spice_strdup(cert_subject); > } > > reds->mig_spice = spice_migration; > > return TRUE; > } > I guess we need to subscript to the spice developer list and try to fix that upstream? _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
