Bug 705978

Description of problem:
virt-manager can't vnc to guest when using TLS connections.


Version-Release number of selected component (if applicable):
libvirt-0.8.2-20.el5
virt-manager-0.6.1-14.el5

How reproducible:
always

Steps to Reproduce:
steup:
1.-  make sure you have 2 machines, one runs virt-manager, the other runs as a host.
- Log the host machine into a Xen environment
- libvirtd service is running on both system
- require package "gnutls-utils" installed
2.Make sure 2 hosts UTC time was same.
#date -U
if not please set it.
3. Make sure the iptables let the vnc port 5900 though on both machine.

On server (dhcp-66.70.159.nay.redhat.com)
1. Set up a Certificate Authority (CA)
    1.1 # certtool --generate-privkey > cakey.pem
    1.2 self-sign cakey.pem by creating a file with the signature details called ca.info containing:

         cn = dhcp-66.70.159.nay.redhat.com (or the ip of the server)
         ca
         cert_signing_key

   1.3 # certtool --generate-self-signed --load-privkey cakey.pem --template ca.info --outfile cacert.pem

2. Create server certificates
    2.1 certtool --generate-privkey > serverkey.pem
    2.2 sign that key with the CA's private key by first creating a template file called server.info
    
      organization = Red Hat
      cn = dhcp-66.70.159.nay.redhat.com (or the ip of the server)
      tls_www_server
      encryption_key
      signing_key

   2.3 # certtool --generate-certificate --load-privkey serverkey.pem --load-ca-certificate cacert.pem \
         --load-ca-privkey cakey.pem --template server.info --outfile servercert.pem
3. Copy CA key and server key to correct directory
     3.1 # cp cakey.pem cacert.pem /etc/pki/CA
     3.2 # mkdir -p /etc/pki/libvirt/private
     3.3 # cp serverkey.pem /etc/pki/libvirt/private
     3.4 # cp servercert.pem /etc/pki/libvirt

4. Copy CA key to client(10.66.70.162) into correct directory
    4.1 # scp cakey.pem cacert.pem root.70.162:/etc/pki/CA

5. Turn on libvird monitor listening in /etc/sysconfig/libvirtd
  -- uncomment LIBVIRTD_ARGS="--listen"

6. Edit /etc/libvirt/libvirtd.conf
  -- uncomment  "listen_tls = 1"
  -- uncomment and set auth_tls = "none"
  -- uncommenet "vnc_tls=1"
  -- set this line : vnc_listen = "0.0.0.0"
7. Set the the guest specific file: /etc/libvirt/qemu/<guest-name>.xml
change the "127.0.0.1" to "0.0.0.0" in Graphics line


8. # service libvirtd restart

9. # service iptables stop

On client (dhcp-66.70.162.nay.redhat.com)

10.  Create client certificates
     10.1 # certtool --generate-privkey > clientkey.pem
     10.2 Act as CA and sign the certificate.  Create client.info containing:

        country = GB
        state = London
        locality = London
        organization = Red Hat
        cn = dhcp-66.70.162.nay.redhat.com (or the ip of the client)
        tls_www_client
        encryption_key
        signing_key

     10.3 # certtool --generate-certificate  --load-privkey clientkey.pem --load-ca-certificate /etc/pki/CA/cacert.pem \
           --load-ca-privkey /etc/pki/CA/cakey.pem --template client.info --outfile clientcert.pem

11. Copy client key to correct directory
     11.1 # mkdir -p /etc/pki/libvirt/private
     11.2 # cp clientkey.pem /etc/pki/libvirt/private
     11.3 # cp clientcert.pem /etc/pki/libvirt/


[Steps]
1, Launch virt-manager
2, Connect to a remote host ("File ->Add Connection ->Choose Qemu/xen for Hypervisor --> choose 'Remote SSL/TLS with x509 certificate' -->Select the remote host you want to connect.-->Click 'Connect'")
3, Try to run/shutdown/force off/open some vm on the remote connect.
Actual results:
user can't vnc to client guest,an error message shown up in virt-manager
"TCP/IP error:VNC connection to hypervisor host got refused or disconnected!"

Expected results:
user can vnc to client guest.

Additional info: