RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 653545 - spice client log shows incorrect information regarding secure/insecure channels
Summary: spice client log shows incorrect information regarding secure/insecure channels
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: spice-client
Version: 6.0
Hardware: x86_64
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Christophe Fergeau
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-11-15 17:05 UTC by Ortal
Modified: 2011-12-06 15:22 UTC (History)
13 users (show)

Fixed In Version: spice-client-0.8.2-1.el6
Doc Type: Bug Fix
Doc Text:
Cause Connection to spice-server secure_port is done by securing (using openssl) an unsecured connection (established using connect_unsecure function). Consequence Spice client log showed secure-connection messages containing "connect_unsecure" Fix The function that establish connection was renamed to connect_to_peer. Both secure and unsecure connections call this function. Result Spice client log shows secure-connection messages containing "connect_to_pee r" and does not contain "unsecure".
Clone Of:
Environment:
Last Closed: 2011-12-06 15:22:05 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch rediffed against git master (2.89 KB, patch)
2011-07-08 11:38 UTC, Christophe Fergeau 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1518 0 normal SHIPPED_LIVE libcacard and spice-client bug fix and enhancement update 2011-12-06 00:50:43 UTC

Description Ortal 2010-11-15 17:05:34 UTC 
Description of problem:

The log shows that the connection is unsecured instead of secured.

Version-Release number of selected component (if applicable):

[ogvura@ogvura ~]$ rpm -q spice-client
spice-client-0.6.3-2.el6_0.3.x86_64
[ogvura@ogvura ~]$ rpm -q spice-xpi
spice-xpi-2.4-1.el6.x86_64


Steps to Reproduce:
1. Connect to the VM via spicec
2. Run the command: cat .spicec/spicec.log
  
Actual results:
 
Getting the Error print: (RedPeer::connect_unsecure: Trying 10.35.64.95 5885 )

Expected results:

Changing the error to be secured.
Comment 2 Yaniv Kaul 2010-11-15 19:16:14 UTC 
Ortal, please attach complete log.

The problem is that the connection (2 out of the 6 or so channels) are actually TLS secured. Nevertheless, all the logs are connection_*unsecure*
Comment 3 Ortal 2010-11-16 07:52:22 UTC 
**Please see attached Logs.
Comment 4 Jonathan Blandford 2010-12-01 22:47:36 UTC 
We should investigate this.  dev_acking.
Comment 5 Alon Levy 2011-01-03 12:55:02 UTC 
Ortal,

 Can you attach the logs?

Thanks!
Comment 6 Uri Lublin 2011-03-29 16:11:32 UTC 
The patch:
http://lists.freedesktop.org/archives/spice-devel/2011-February/002413.html
Comment 11 Christophe Fergeau 2011-07-04 16:46:13 UTC 
It looks like the patch mentioned in this bug hasn't been applied yet, even though it was ACK'ed on the mailing list. I think this bug should be devel_ack+ and the patch committed to spice git.
Comment 12 Christophe Fergeau 2011-07-08 11:38:01 UTC 
Created attachment 511912 [details]
patch rediffed against git master
Comment 15 Christophe Fergeau 2011-07-18 16:38:08 UTC 
The patch from comment #12 has been pushed to spice git master
Comment 16 Christophe Fergeau 2011-07-28 10:38:48 UTC 
This bug is fixed in spice 0.8.2 which is being pushed to RHEL 6.2
Comment 18 David Jaša 2011-10-14 14:21:52 UTC 
VERIFIED in spice-client-0.8.2-7:

1318595180 INFO [16959:16960] RedPeer::connect_unsecure: Connected to 10.34.58.4 5904
1318595180 INFO [16959:16960] RedPeer::connect_secure: Connected to 10.34.58.4 5905
Comment 19 Uri Lublin 2011-11-20 11:02:11 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause
    Connection to spice-server secure_port is done by securing (using openssl) an unsecured connection (established using connect_unsecure function).
Consequence
    Spice client log showed secure-connection messages containing "connect_unsecure"
Fix
    The function that establish connection was renamed to connect_to_peer. Both secure and unsecure connections call this function.
Result
    Spice client log shows secure-connection messages containing "connect_to_pee
r" and does not contain "unsecure".
Comment 20 errata-xmlrpc 2011-12-06 15:22:05 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1518.html
Note You need to log in before you can comment on or make changes to this bug.