Dear All,
Please find few minutes from your time and guide us with some pointers if
possible.
We are facing a libvirtd crash when we are trying to connect to qemu by
default TLS transport. i.e libvirt crash when trying to inquiry libvirt
version using curl with TLS
# virsh -c qemu+tls://localhost/system version
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
error: failed to connect to the hypervisor
We used our own CA and certificates on both Kontron PC and our board.
Libvirtd.conf was modified so that libvirt is listening all IPs using
default IP
These directories and files created and used.
/etc/pki/CA/cacert.pem
/etc/pki/libvirt/private/serverkey.pem
/etc/pki/libvirt/servercert.pem
/etc/pki/libvirt/private/clientkey.pem
/etc/pki/libvirt/clientcert.pem
TLS connection worked fine with Kontron PC
# virsh -c qemu+tls://localhost/system version
Compiled against library: libvir 0.9.5
Using library: libvir 0.9.5
Using API: QEMU 0.9.5
Running hypervisor: QEMU 0.12.1
But libvirt crashed on our board (using libvirt 0.10.2,
gnutls-2.10.5-1_WR4.3.x86_64 and libudev-161-4 rpms,
libgcrypt-1.4.0-3_WR4.3.x86_64 )
# virsh -c qemu+tls://localhost/system version
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
error: failed to connect to the hypervisor
GDB:
Breakpoint 3, 0x00007f555bb07410 in gnutls_handshake () from
/usr/lib64/libgnutls.so.26
(gdb) c
Continuing.
Program received signal SIGABRT, Aborted.
0x00007f555a096005 in raise () from /lib64/libc.so.6
(gdb) bt
#0 0x00007f555a096005 in raise () from /lib64/libc.so.6
#1 0x00007f555a098e40 in abort () from /lib64/libc.so.6
#2 0x00007f555b87fdc5 in _gcry_logv (level=50, fmt=0x7f555b8c6170 "*operation
is not possible without initialized secure memory\n*",
arg_ptr=0x7fff546e1130) at misc.c:136
#3 0x00007f555b8803d5 in _gcry_log_bug (fmt=0x48e0 <Address 0x48e0 out of
bounds>) at misc.c:220
#4 0x00007f555b885697 in _gcry_secmem_malloc_internal (size=<value
optimized out>) at secmem.c:497
#5 0x00007f555b88579c in _gcry_secmem_malloc (size=136) at secmem.c:522
#6 0x00007f555b880a65 in do_malloc (n=18656, flags=<value optimized out>,
mem=0x7fff546e1290) at global.c:553
#7 0x00007f555b880aa9 in _gcry_malloc_secure (n=18656) at global.c:592
#8 0x00007f555b880b19 in _gcry_xmalloc_secure (n=136) at global.c:746
#9 0x00007f555b8c35df in _gcry_mpi_alloc_limb_space (nlimbs=17,
secure=18656) at mpiutil.c:92
#10 0x00007f555b8c365f in _gcry_mpi_alloc_secure (nlimbs=17) at mpiutil.c:75
#11 0x00007f555b8b025a in secret (output=0x17cfa20, input=0x17d0480,
skey=0x6) at rsa.c:365
#12 0x00007f555b8b045a in _gcry_rsa_sign (algo=<value optimized out>,
resarr=0x17d0660, data=0x17d0480, skey=<value optimized out>) at rsa.c:608
#13 0x00007f555b88c1ef in pubkey_sign (r_sig=0x7fff546e1488, s_hash=<value
optimized out>, s_skey=<value optimized out>) at pubkey.c:692
#14 _gcry_pk_sign (r_sig=0x7fff546e1488, s_hash=<value optimized out>,
s_skey=<value optimized out>) at pubkey.c:1807
---Type <return> to continue, or q <return> to quit---
#15 0x00007f555bb29d8c in ?? () from /usr/lib64/libgnutls.so.26
#16 0x00007f555bb15e7a in ?? () from /usr/lib64/libgnutls.so.26
#17 0x00007f555bb1ddd6 in ?? () from /usr/lib64/libgnutls.so.26
#18 0x00007f555bb1e67f in ?? () from /usr/lib64/libgnutls.so.26
#19 0x00007f555bb1edaf in ?? () from /usr/lib64/libgnutls.so.26
#20 0x00007f555bb0af85 in ?? () from /usr/lib64/libgnutls.so.26
#21 0x00007f555bb06c55 in ?? () from /usr/lib64/libgnutls.so.26
#22 0x00007f555bb07437 in gnutls_handshake () from
/usr/lib64/libgnutls.so.26
#23 0x00007f555c8a961b in virNetTLSSessionHandshake () from
/usr/lib64/libvirt.so.0
#24 0x00007f555c89ea2b in virNetServerClientInit () from
/usr/lib64/libvirt.so.0
#25 0x00007f555c89c821 in ?? () from /usr/lib64/libvirt.so.0
#26 0x00007f555c8a012a in ?? () from /usr/lib64/libvirt.so.0
#27 0x00007f555c79fbf5 in virEventPollRunOnce () from
/usr/lib64/libvirt.so.0
#28 0x00007f555c79e825 in virEventRunDefaultImpl () from
/usr/lib64/libvirt.so.0
#29 0x00007f555c89c20d in virNetServerRun () from /usr/lib64/libvirt.so.0
#30 0x000000000040c830 in ?? ()
It seems that virsh does not make proper use of libgcrypt or gnutls. In
fact, Libgcrypt informs us what actually is going wrong.
Please let us know if it is a known issue.
Please go through the below link for more details:
http://lists.gnupg.org/pipermail/gcrypt-devel/2008-December/001420.html
Thanking you in anticipation.
Thanks and Regards,
Anusha K.