[libvirt-users] Connecting libvirt remotely using tls: TLS handshake failed : packet with unexpected length +gnutls_handhsake Error
Hi all, I am facing an error while connecting libvirt remotely using tls.. I have created CA, client and server certificates with RSA 1024 bit using Openssl. I am using debian linux flavor in both client and server. *Original Error:* (When trying to connect remote libvirt) virsh -c xen+tls://destinationipaddr/system error: failed to connect to the hypervisor error: authentication failed: TLS handshake failed A TLS packet with unexpected length was received. In source code i found the error line. the return value is 21 ./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session); *Below are log details* *client(Initiator of ssl connection ) :* virNetTLSSessionHandshake:1351 : Ret=-21 error: authentication failed: TLS handshake failed A TLS packet with unexpected length was received. *In the server side, * virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake failed Could not negotiate a supported cipher suite. Please guide me for solving this error -- *Regards,Ajitha R*
I doubt whether there is any fixed algorithm given while generating certificates. I used RSA 1024 bit. On Wed, Nov 19, 2014 at 11:42 AM, Ajitha Robert <ajitharobert01@gmail.com> wrote:
Hi all,
I am facing an error while connecting libvirt remotely using tls.. I have created CA, client and server certificates with RSA 1024 bit using Openssl. I am using debian linux flavor in both client and server.
*Original Error:*
(When trying to connect remote libvirt)
virsh -c xen+tls://destinationipaddr/system
error: failed to connect to the hypervisor error: authentication failed: TLS handshake failed A TLS packet with unexpected length was received.
In source code i found the error line. the return value is 21
./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session);
*Below are log details*
*client(Initiator of ssl connection ) :*
virNetTLSSessionHandshake:1351 : Ret=-21
error: authentication failed: TLS handshake failed A TLS packet with unexpected length was received.
*In the server side, *
virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake failed Could not negotiate a supported cipher suite.
Please guide me for solving this error
--
*Regards,Ajitha R*
-- *Regards,Ajitha R*
On Wed, Nov 19, 2014 at 11:53:34AM +0530, Ajitha Robert wrote:
I doubt whether there is any fixed algorithm given while generating certificates. I used RSA 1024 bit.
Make sure you followed the setup guide precisely http://libvirt.org/remote.html#Remote_certificates The docs here are known to work successfully - problems people report typically come from creating certs in the wrong way, or putting them in the wrong location. Be particularly wary of the 'openssl' command line tool - it generates useless certificates by default. Also run the 'virt-pki-validate' tool on your host to check things are in the right location. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2)
-
Ajitha Robert -
Daniel P. Berrange