1127762 – "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file

Bug 1127762 - "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file

Summary: "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	virt-viewer
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	7.1
Assignee:	Jonathon Jongsma
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-08-07 13:52 UTC by David Jaša
Modified:	2015-03-05 13:39 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: virt-viewer tried to load the cert-file based on "ca-file" property, even when launched with a .vv file. Consequence: An additional cert-file was being loaded wrongly. Fix: Set the "ca-file" property to NULL when lauching virt-viewer with a .vv file. Result: virt-viewer will use only the cert-file provided by the .vv file.
Clone Of:
Environment:
Last Closed:	2015-03-05 13:39:37 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0295	normal	SHIPPED_LIVE	virt-viewer bug fix and enhancement update	2015-03-05 17:33:00 UTC

Description David Jaša 2014-08-07 13:52:34 UTC

Description of problem:
when launched with .vv file, spice-gtk should get temporary CA certificate only and only from .vv file, not from legacy temporary file of ~/.spicec/truststore.pm

Version-Release number of selected component (if applicable):
spice-gtk3-0.20-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. open connection to tls-enabled VM using .vv file with debug output
2.
3.

Actual results:
spice-gtk says among others:
(remote-viewer:5980): GSpice-DEBUG: spice-session.c:1708 connect ready
(remote-viewer:5980): GSpice-DEBUG: spice-channel.c:2187 main-1:0: Load CA, file: /home/brq/djasa/.spicec/spice_truststore.pem, data: 0x2657800

(remote-viewer:5980): GSpice-WARNING **: loading ca certs from /home/brq/djasa/.spicec/spice_truststore.pem failed

Expected results:
spice-gtk shouldn't touch truststore.pem by default when launched with .vv file

Additional info:

Comment 1 Jonathon Jongsma 2014-08-15 16:21:19 UTC

https://www.redhat.com/archives/virt-tools-list/2014-August/msg00083.html

Comment 2 Jonathon Jongsma 2014-09-12 16:11:01 UTC

Needs QA ack

Comment 4 CongDong 2014-10-09 09:09:23 UTC

Steps,
1. Prepare a spice guest on rhevm and download the .vv file
2. 
# remote-viewer console.vv --debug --spice-debug 
...
(remote-viewer:15755): GSpice-WARNING **: loading ca certs from /root/.spicec/spice_truststore.pem failed
...

VERIFY with virt-viewer-0.6.0-7.el7.x86_64
Result:
No log for touch CA in local dir.
...
(remote-viewer:16088): GSpice-DEBUG: spice-channel.c:2187 display-2:0: Load CA, file: (null), data: 0xe5ed70
...



As the result, set VERIFIED.

Comment 6 errata-xmlrpc 2015-03-05 13:39:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0295.html

Note You need to log in before you can comment on or make changes to this bug.