Description of problem: print more informative error on host subject mismatch Version-Release number of selected component (if applicable): spice-gtk-0.11-11 How reproducible: always Steps to Reproduce: 1. create a server certificate with Subject containing CN=$IP (or CN=$FQDN) 2. start a spice-server: qemu-kvm -spice tls-port=$PORT,x509-dir=$DIR 3. connect to a server with: remote-viewer --spice-ca-file $CACERT spice://$FQDN/?tls-port=$PORT (or remote-viewer --spice-ca-file $CACERT spice://$IP/?tls-port=$PORT Actual results: remote-viewer presents raw OpenSSL error: GSpice-WARNING **: main-1:0: SSL_connect: error:00000001:lib(0):func(0):reason(1) Expected results: remote-viewer should print error like this instead: Host Subject mismatch: server presented itself with subject: "$SUBJ" Additional info:
In such a case, there is not really a subject mismatch. remote-viewer is not passed a host subject parameter, so it won't attempt to verify it. What will happen here is that hostname verification will be attempted, and if this fails, the connection will fail. So I'm not sure we want to report a host subject mismatch here.
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
This should be addressed by http://cgit.freedesktop.org/spice/spice-common/commit/?id=bf5511033d5d6fb98cd597699a725183ae078b62
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0343.html