-
Bug
-
Resolution: Won't Do
-
Undefined
-
None
-
rhel-9.2.0
Description of problem:
when using the current version supplied with RHV 4.4 SP1 VirtViewer v9.0-96 it is not possible to connect to VNC that is encrypted. My guess would be that the windows version does not actually use the CA supplied in that file via console.vv
The CA is supplied in that file like this:
[virt-viewer]
type=vnc
....
[ovirt]
ca=----BEGIN CERTIFICATE----\nMI...
Version-Release number of selected component (if applicable):
VirtViewer v9.0-96
How reproducible:
RHV 4.4 SP1 VM with VNC encryption enabled
Steps to Reproduce:
1. Make sure you have selected VNC and native client in RHV Manager
2. Click on Console
3. Download console.vv
4. use that file to start virt viewer
Actual results:
C:\Program Files\VirtViewer v9.0-96\bin>remote-viewer.exe -vvv --gtk-vnc-debug "c:\Users\username\Downloads\console.vv"
C:\Program Files\VirtViewer v9.0-96\bin>Guest (NULL) has a vnc display
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:29.759: ../../src/vncconnection.c Init VncConnection=0000000004BF5640
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:29.759: ../../src/vncdisplaykeymap.c Using Win32 virtual keycode mapping
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:29.760: ../../src/vncdisplay.c Grab sequence is now Control_L+Alt_L
(remote-viewer.exe:14648): libsoup-WARNING **: 10:20:29.763: Could not set SSL credentials from '/etc/pki/tls/certs/ca-bundle.crt': Datei »/etc/pki/tls/certs/ca-bundle.crt« konnte nicht geöffnet werden: No such file or directory
(remote-viewer.exe:14648): libsoup-WARNING **: 10:20:29.768: Could not set SSL credentials from '/etc/pki/tls/certs/ca-bundle.crt': Datei »/etc/pki/tls/certs/ca-bundle.crt« konnte nicht geöffnet werden: No such file or directory
(remote-viewer.exe:14648): GLib-Net-WARNING **: 10:20:29.825: couldn't load TLS file database: Datei »/etc/pki/tls/certs/ca-bundle.crt« konnte nicht geöffnet werden: No such file or directory
(remote-viewer.exe:14648): GLib-Net-WARNING **: 10:20:29.878: couldn't load TLS file database: Datei »/etc/pki/tls/certs/ca-bundle.crt« konnte nicht geöffnet werden: No such file or directory
Opening connection to display at c:\Users\username\Downloads\console.vv
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:29.993: ../../src/vncconnection.c Open host=hostname.domain.tld port=5900
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.470: ../../src/vncconnection.c Open coroutine starting
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.471: ../../src/vncconnection.c Started background coroutine
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.472: ../../src/vncconnection.c Resolving host hostname.domain.tld 5900
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.510: ../../src/vncconnection.c Trying one socket
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.536: ../../src/vncconnection.c Socket pending
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.576: ../../src/vncconnection.c Finally connected
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.585: ../../src/vncconnection.c Emit main context 13
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.636: ../../src/vncdisplay.c Grab sequence is now
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.681: ../../src/vncdisplay.c Connected to VNC server
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.743: ../../src/vncconnection.c Protocol initialization
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.817: ../../src/vncconnection.c Server version: 3.8
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.876: ../../src/vncconnection.c Sending full greeting
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:30.936: ../../src/vncconnection.c Using version: 3.8
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.027: ../../src/vncconnection.c Possible auth 19
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.204: ../../src/vncconnection.c Emit main context 11
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.206: ../../src/vncconnection.c Thinking about auth type 19
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.261: ../../src/vncconnection.c Decided on auth type 19
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.294: ../../src/vncconnection.c Waiting for auth type
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.358: ../../src/vncconnection.c Choose auth 19
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.426: ../../src/vncconnection.c Checking if credentials are needed
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.477: ../../src/vncconnection.c No credentials required
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.533: ../../src/vncconnection.c Read error A non-blocking socket operation could not be completed immediately.
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.597: ../../src/vncconnection.c Read error A non-blocking socket operation could not be completed immediately.
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.633: ../../src/vncconnection.c Possible VeNCrypt sub-auth 261
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.702: ../../src/vncconnection.c Emit main context 12
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.726: ../../src/vncconnection.c Requested auth subtype 261
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.799: ../../src/vncconnection.c Waiting for VeNCrypt auth subtype
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.805: ../../src/vncconnection.c Choose auth 261
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.808: ../../src/vncconnection.c Checking if credentials are needed
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.829: ../../src/vncconnection.c No credentials required
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.863: ../../src/vncconnection.c Read error A non-blocking socket operation could not be completed immediately.
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.937: ../../src/vncconnection.c Do TLS handshake
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.987: ../../src/vncconnection.c Checking if credentials are needed
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:31.989: ../../src/vncconnection.c Want a TLS clientname
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.015: ../../src/vncconnection.c Requesting missing credentials
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.061: ../../src/vncconnection.c Emit main context 10
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.142: ../../src/vncconnection.c Set credential 2 libvirt
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.148: ../../src/vncconnection.c Searching for certs in /usr/x86_64-w64-mingw32/sys-root/mingw/etc/pki
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.208: ../../src/vncconnection.c Failed to find certificate CA/cacert.pem
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.209: ../../src/vncconnection.c No CA certificate provided, using GNUTLS global trust
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.211: ../../src/vncconnection.c Failed to find certificate CA/cacrl.pem
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.212: ../../src/vncconnection.c Failed to find certificate libvirt/private/clientkey.pem
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.214: ../../src/vncconnection.c Failed to find certificate libvirt/clientcert.pem
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.215: ../../src/vncconnection.c Waiting for missing credentials
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.217: ../../src/vncconnection.c Got all credentials
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.271: ../../src/vncconnection.c No CA certificate provided; trying the system trust store instead
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.300: ../../src/vncconnection.c Using the system trust store and CRL
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.317: ../../src/vncconnection.c No client cert or key provided
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.329: ../../src/vncconnection.c No CA revocation list provided
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.331: ../../src/vncconnection.c Error: Failed to complete handshake Error in the pull function.
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.332: ../../src/vncconnection.c Emit main context 16
(remote-viewer.exe:14648): virt-viewer-WARNING **: 10:20:32.333: vnc-session: got vnc error Failed to complete handshake Error in the pull function.
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.387: ../../src/vncdisplay.c VNC server error
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.389: ../../src/vncconnection.c Auth failed
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.389: ../../src/vncconnection.c Doing final VNC cleanup
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.390: ../../src/vncconnection.c Close VncConnection=0000000004BF5640
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.391: ../../src/vncconnection.c Emit main context 15
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.392: ../../src/vncdisplay.c Disconnected from VNC server
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:32.393: ../../src/vncdisplay.c Grab sequence is now
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:35.588: ../../src/vncconnection.c Init VncConnection=00000000097250F0
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:35.589: ../../src/vncdisplaykeymap.c Using Win32 virtual keycode mapping
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:35.590: ../../src/vncdisplay.c Grab sequence is now Control_L+Alt_L
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:35.593: ../../src/vncdisplay.c Display destroy, requesting that VNC connection close
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:35.595: ../../src/vncdisplay.c Releasing VNC widget
(remote-viewer.exe:14648): gtk-vnc-DEBUG: 10:20:35.596: ../../src/vncconnection.c Finalize VncConnection=00000000097250F0
Expected results:
Working connection
Additional info:
RHV Support Case 03446282
- external trackers
