Hi guys,

I ran into a problem when using TLS to connect to libvirt.
When I set the CN in client.info and server.info to the hostname (FQDN), the TLS check fails with the IP; and vice versa, when I set the CN to the IP address, the TLS check fails with the hostname. Only what we set as the CN succeeds. Is this expected, or is there some issue in my environment or setup steps?


1. Set up the TLS environment with the hostname; the check then fails with the IP.

# virsh -c qemu+tls://192.168.122.4/system
2017-12-06 13:24:52.346+0000: 3954: info : libvirt version: x.x.x, package: 4.el7 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2017-11-30-07:57:27, x.x.x.redhat.com)
2017-12-06 13:24:52.346+0000: 3954: info : hostname: work.englab.cn
2017-12-06 13:24:52.346+0000: 3954: warning : virNetTLSContextCheckCertificate:1125 : Certificate check failed Certificate [session] owner does not match the hostname 192.168.122.4
error: failed to connect to the hypervisor
error: authentication failed: Failed to verify peer's certificate

2. Using the hostname that we set succeeds.

# virsh -c qemu+tls://test.englab.cn/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # 


# ping test.englab.cn
PING test.englab.cn (192.168.122.4) 56(84) bytes of data.
64 bytes from test.englab.cn (192.168.122.4): icmp_seq=1 ttl=64 time=0.235 ms
64 bytes from test.englab.cn (192.168.122.4): icmp_seq=2 ttl=64 time=0.204 ms
...



-------
Best Regards,
Yalan Zhang
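
Added example, not part of the original message and not libvirt's or GnuTLS's code: a simplified model of the certificate identity check behind the two results above, showing that the string typed in the URI is compared with the names stored in the certificate and that DNS is never consulted. The function names, and the rule that the CN is used only when the certificate has no subjectAltName entries, are assumptions of this model; the host name and address are the ones from the post.

```python
import ipaddress

HOST, ADDR = "test.englab.cn", "192.168.122.4"  # values taken from the post

def classify(target):
    """Return ('ip', address) for an IP literal, else ('dns', lowercased name)."""
    try:
        return "ip", ipaddress.ip_address(target)
    except ValueError:
        return "dns", target.rstrip(".").lower()

def dns_matches(pattern, name):
    """Case-insensitive match; '*' may replace the whole left-most label only."""
    p = pattern.rstrip(".").lower().split(".")
    n = name.split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        p, n = p[1:], n[1:]
    return p == n

def cert_accepts(target, cn, san_dns=(), san_ip=()):
    """Compare the URI host with the names in the certificate.
    The fact that HOST resolves to ADDR plays no part: nothing is looked up."""
    kind, value = classify(target)
    if kind == "ip" and any(ipaddress.ip_address(a) == value for a in san_ip):
        return True
    if kind == "dns" and any(dns_matches(d, value) for d in san_dns):
        return True
    if san_dns or san_ip:
        return False  # model assumption: CN is ignored once SAN entries exist
    # Legacy fallback: the CN is compared with exactly what the client typed.
    ckind, cvalue = classify(cn)
    if kind != ckind:
        return False
    return cvalue == value if kind == "ip" else dns_matches(cvalue, value)

def results():
    """(connect by host name, connect by IP) for three constructed certificates."""
    both = dict(cn=HOST, san_dns=[HOST], san_ip=[ADDR])
    return {
        "cn_is_hostname": (cert_accepts(HOST, cn=HOST), cert_accepts(ADDR, cn=HOST)),
        "cn_is_ip": (cert_accepts(HOST, cn=ADDR), cert_accepts(ADDR, cn=ADDR)),
        "san_dns_and_ip": (cert_accepts(HOST, **both), cert_accepts(ADDR, **both)),
    }

if __name__ == "__main__":
    for name, outcome in results().items():
        print(name, outcome)
```

In a certtool template such as server.info, subjectAltName entries are written as `dns_name` and `ip_address` lines.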