RHEL-7531

chardev tcp connection with tls disconnected after vm start

    • qemu-kvm-8.2.0-1.el9
    • Normal
    • TestOnly
    • sst_virtualization
    • ssg_virtualization
    • Pass

      Description of problem:
      chardev tcp connection with tls disconnected after vm start

      Version-Release number of selected component (if applicable):
      libvirt-9.4.0-1.fc39.x86_64
      qemu-kvm-8.0.0-3.fc39.x86_64

      How reproducible:
      100%

      Steps to Reproduce:

      scenario: start a guest with a chardev as a tcp client
      1. prepare tls env and start a server

      # ll /etc/pki/libvirt-chardev/
        total 36
        -rw-r--r--. 1 root root 1448 May 4 06:31 ca-cert.pem
        -rw-r--r--. 1 root root 8177 May 4 06:31 ca-key.pem
        -rw-r--r--. 1 root root 1582 May 4 06:31 client-cert.pem
        -rw-r--r--. 1 root root 8167 May 4 06:31 client-key.pem
        -rw-r--r--. 1 root root 1582 May 4 06:31 server-cert.pem
        -rw-r--r--. 1 root root 8177 May 4 06:31 server-key.pem
      # gnutls-serv --echo --x509cafile /etc/pki/libvirt-chardev/ca-cert.pem --x509keyfile /etc/pki/libvirt-chardev/server-key.pem --x509certfile /etc/pki/libvirt-chardev/server-cert.pem
        Processed 1 CA certificate(s).
        Echo Server listening on IPv4 0.0.0.0 port 5556...done
        Echo Server listening on IPv6 :: port 5556...done

      2. modify qemu.conf
      ...
      chardev_tls = 1
      chardev_tls_x509_cert_dir = "/etc/pki/libvirt-chardev"
      ...

      3. start a guest with a chardev as tcp client

      # virsh dumpxml rhel9-bugverify --xpath //console
        <console type="tcp">
          <source mode="connect" host="127.0.0.1" service="5556" tls="yes"/>
          <protocol type="raw"/>
          <target type="serial" port="0"/>
          <alias name="serial0"/>
        </console>
      # virsh start rhel9-bugverify
        Domain 'rhel9-bugverify' started

      (on server side)

      • Accepted connection from IPv4 127.0.0.1 port 34794 on Mon May 8 08:11:44 202
      • Peer's certificate was NOT verified.
      • Description: (TLS1.3-X.509)-(ECDHE-X25519)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
      .......................
      • Ephemeral EC Diffie-Hellman parameters
        • Using curve: X25519
        • Curve size: 256 bits
      • Version: TLS1.3
      • Server Signature: RSA-PSS-RSAE-SHA256
      • Client Signature: RSA-PSS-RSAE-SHA256
      • Cipher: AES-256-GCM
      • MAC: AEAD
      • Options: extended master secret, safe renegotiation,
      • Channel bindings
        • 'tls-unique': not available
        • 'tls-server-end-point': 7fd09330c70a23c0cefa1a08153a2d775537662218391ce960dccf11cc6a8174
        • 'tls-exporter': 85b17844f9643d367f63effa480b916d0f95905e4d8ae9427749684245135ddf
      Error while receiving data
      Error: The TLS connection was non-properly terminated.

      Actual results:
      get error on server side and no boot info

      Error while receiving data
      Error: The TLS connection was non-properly terminated.

      Expected results:
      client guest boot info displayed on server side.

      Additional info:

            mlureau Marc-Andre Lureau
            rhn-support-zhetang Zhen Tang
            virt-maint virt-maint
            NaNa Liu NaNa Liu
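
Added example (not part of the original report, nor code from libvirt, QEMU or GnuTLS): a small Python check that a regression test for this scenario could run over captured gnutls-serv output, flagging sessions where the peer certificate was not verified or the TLS connection ended abnormally. The function names and finding labels are hypothetical, and the sample log is constructed from the server-side lines quoted in the report plus one constructed clean session.

```python
import re

# Constructed sample: server-side lines as quoted in the report (list markers kept),
# followed by a second, constructed session that ends without errors.
SAMPLE_LOG = """\
• Accepted connection from IPv4 127.0.0.1 port 34794 on Mon May 8 08:11:44 202
• Peer's certificate was NOT verified.
• Version: TLS1.3
• Cipher: AES-256-GCM
• MAC: AEAD
Error while receiving data
Error: The TLS connection was non-properly terminated.
• Accepted connection from IPv4 127.0.0.1 port 40000 on (constructed)
• Version: TLS1.3
• Cipher: AES-256-GCM
"""

ACCEPT = re.compile(r"Accepted connection from (\S+) (\S+) port (\d+)")
FIELD = re.compile(r"(Version|Cipher|MAC): (.+)")


def parse_sessions(text):
    """Split gnutls-serv output into one dict per accepted connection."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip().lstrip("•*- ").strip()  # drop list markers
        accepted = ACCEPT.search(line)
        if accepted:
            sessions.append({"peer": accepted.group(2), "port": int(accepted.group(3)),
                             "peer_cert_verified": None, "params": {},
                             "abnormal_close": False})
        elif not sessions:
            continue  # banner lines printed before the first connection
        elif "certificate was NOT verified" in line:
            sessions[-1]["peer_cert_verified"] = False
        elif "non-properly terminated" in line:
            sessions[-1]["abnormal_close"] = True
        elif (field := FIELD.match(line)):
            sessions[-1]["params"][field.group(1)] = field.group(2).strip()
    return sessions


def findings(session):
    """Return hypothetical finding labels for one parsed session."""
    out = []
    if session["peer_cert_verified"] is False:
        out.append("peer-cert-not-verified")
    if session["abnormal_close"]:
        out.append("abnormal-tls-close")
    return out
```

A test harness would fail the run when `findings()` returns a non-empty list for any session.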