[libvirt-users] Connecting libvirt remotely using tls: TLS handshake failed : packet with unexpected length +gnutls_handhsake Error
12:12 a.m.
Hi all,
I am facing an error while connecting libvirt remotely using tls.. I
have created CA, client and server certificates with RSA 1024 bit
using Openssl. I am using debian linux flavor in both client and
server.
*Original Error:*
(When trying to connect remote libvirt)
virsh -c xen+tls://destinationipaddr/system
error: failed to connect to the hypervisor
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
In source code i found the error line. the return value is 21
./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session);
*Below are log details*
*client(Initiator of ssl connection ) :*
virNetTLSSessionHandshake:1351 : Ret=-21
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
*In the server side,
*
virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake
failed Could not negotiate a supported cipher suite.
Please guide me for solving this error
--
*Regards,Ajitha R*
12:23 a.m.
I doubt whether there is any fixed algorithm given while generating
certificates. I used RSA 1024 bit.
On Wed, Nov 19, 2014 at 11:42 AM, Ajitha Robert <ajitharobert01(a)gmail.com>
wrote:
Hi all,
I am facing an error while connecting libvirt remotely using tls.. I have created CA,
client and server certificates with RSA 1024 bit using Openssl. I am using debian linux
flavor in both client and server.
*Original Error:*
(When trying to connect remote libvirt)
virsh -c xen+tls://destinationipaddr/system
error: failed to connect to the hypervisor
error: authentication failed: TLS handshake failed A TLS packet with unexpected length
was received.
In source code i found the error line. the return value is 21
./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session);
*Below are log details*
*client(Initiator of ssl connection ) :*
virNetTLSSessionHandshake:1351 : Ret=-21
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
*In the server side,
*
virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake
failed Could not negotiate a supported cipher suite.
Please guide me for solving this error
--
*Regards,Ajitha R*
--
*Regards,Ajitha R*
3:48 a.m.
On Wed, Nov 19, 2014 at 11:53:34AM +0530, Ajitha Robert wrote:
I doubt whether there is any fixed algorithm given while generating
certificates. I used RSA 1024 bit.
Make sure you followed the setup guide precisely
http://libvirt.org/remote.html#Remote_certificates
The docs here are known to work successfully - problems people report
typically come from creating certs in the wrong way, or putting them
in the wrong location. Be particularly wary of the 'openssl' command
line tool - it generates useless certificates by default.
Also run the 'virt-pki-validate' tool on your host to check things
are in the right location.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
3656
days inactive
3656
days old
2 comments
2 participants
participants (2)
-
Ajitha Robert -
Daniel P. Berrange