Bug 1127762 - "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file
Summary: "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virt-viewer
Version: 7.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: rc
: 7.1
Assignee: Jonathon Jongsma
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-07 13:52 UTC by David Jaša
Modified: 2015-03-05 13:39 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: virt-viewer tried to load the cert-file based on "ca-file" property, even when launched with a .vv file. Consequence: An additional cert-file was being loaded wrongly. Fix: Set the "ca-file" property to NULL when lauching virt-viewer with a .vv file. Result: virt-viewer will use only the cert-file provided by the .vv file.
Clone Of:
Environment:
Last Closed: 2015-03-05 13:39:37 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0295 normal SHIPPED_LIVE virt-viewer bug fix and enhancement update 2015-03-05 17:33:00 UTC

Description David Jaša 2014-08-07 13:52:34 UTC
Description of problem:
when launched with .vv file, spice-gtk should get temporary CA certificate only and only from .vv file, not from legacy temporary file of ~/.spicec/truststore.pm

Version-Release number of selected component (if applicable):
spice-gtk3-0.20-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. open connection to tls-enabled VM using .vv file with debug output
2.
3.

Actual results:
spice-gtk says among others:
(remote-viewer:5980): GSpice-DEBUG: spice-session.c:1708 connect ready
(remote-viewer:5980): GSpice-DEBUG: spice-channel.c:2187 main-1:0: Load CA, file: /home/brq/djasa/.spicec/spice_truststore.pem, data: 0x2657800

(remote-viewer:5980): GSpice-WARNING **: loading ca certs from /home/brq/djasa/.spicec/spice_truststore.pem failed

Expected results:
spice-gtk shouldn't touch truststore.pem by default when launched with .vv file

Additional info:

Comment 2 Jonathon Jongsma 2014-09-12 16:11:01 UTC
Needs QA ack

Comment 4 CongDong 2014-10-09 09:09:23 UTC
Steps,
1. Prepare a spice guest on rhevm and download the .vv file
2. 
# remote-viewer console.vv --debug --spice-debug 
...
(remote-viewer:15755): GSpice-WARNING **: loading ca certs from /root/.spicec/spice_truststore.pem failed
...

VERIFY with virt-viewer-0.6.0-7.el7.x86_64
Result:
No log for touch CA in local dir.
...
(remote-viewer:16088): GSpice-DEBUG: spice-channel.c:2187 display-2:0: Load CA, file: (null), data: 0xe5ed70
...



As the result, set VERIFIED.

Comment 6 errata-xmlrpc 2015-03-05 13:39:37 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0295.html


Note You need to log in before you can comment on or make changes to this bug.