libvirt users - Nov 2014 - Re: Connecting libvirt remotely using tls: TLS handshake failed : packet with unexpected length +gnutls_handhsake Error

Hi all,

I am facing an error while connecting libvirt remotely using tls.. I
have created CA, client and server certificates with RSA 1024 bit
using Openssl. I am using debian linux flavor in both client and
server.

*Original Error:*

(When trying to connect remote libvirt)

virsh -c xen+tls://destinationipaddr/system

error: failed to connect to the hypervisor
error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.


In source code i found the error line. the return value is 21

./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session);


*Below are log details*

*client(Initiator of ssl connection ) :*

virNetTLSSessionHandshake:1351 : Ret=-21

error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.

*In the server side,
*

 virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake
failed Could not negotiate a supported cipher suite.


Please guide me for solving this error

-- 


*Regards,Ajitha R*

I doubt whether there is any fixed algorithm given while generating
certificates. I used RSA 1024 bit.

On Wed, Nov 19, 2014 at 11:42 AM, Ajitha Robert <ajitharobert01@gmail.com>
wrote:
>
> Hi all,
>
> I am facing an error while connecting libvirt remotely using tls.. I have
created CA, client and server certificates with RSA 1024 bit using Openssl. I am
using debian linux flavor in both client and server.
>
> *Original Error:*
>
> (When trying to connect remote libvirt)
>
> virsh -c xen+tls://destinationipaddr/system
>
> error: failed to connect to the hypervisor
> error: authentication failed: TLS handshake failed A TLS packet with
unexpected length was received.
>
>
> In source code i found the error line. the return value is 21
>
> ./src/rpc/virnettlscontext.c: ret = gnutls_handshake(sess->session);
>
>
> *Below are log details*
>
> *client(Initiator of ssl connection ) :*
>
> virNetTLSSessionHandshake:1351 : Ret=-21
>
> error: authentication failed: TLS handshake failed A TLS packet with
> unexpected length was received.
>
> *In the server side,
> *
>
>  virNetTLSSessionHandshake:1369 : authentication failed: TLS handshake
> failed Could not negotiate a supported cipher suite.
>
>
> Please guide me for solving this error
>
> --
>
>
> *Regards,Ajitha R*
>


-- 


*Regards,Ajitha R*

On Wed, Nov 19, 2014 at 11:53:34AM +0530, Ajitha Robert
wrote:
> I doubt whether there is any fixed algorithm given while generating
> certificates. I used RSA 1024 bit.
Make sure you followed the setup guide precisely

  http://libvirt.org/remote.html#Remote_certificates

The docs here are known to work successfully - problems people report
typically come from creating certs in the wrong way, or putting them
in the wrong location. Be particularly wary of the 'openssl' command
line tool - it generates useless certificates by default.

Also run the 'virt-pki-validate' tool on your host to check things
are in the right location.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|