search for: remote_tls_server_certificates

Hi, I'm trying to add TLS migrations to oVirt, but I've hit a problem with certificate checking. oVirt uses the destination host IP address, rather than the host name, in the migration URI passed to virDomainMigrateToURI3. One reason for doing that is that a separate migration network may be used for migrations, while the host name resolves to the management network interface. But it

...it doesn't solve the problem with tracking IP address changes and updating the corresponding certificates whenever a change occurs. > If you look at our docs, we updated them to illustrate how to > issue certs containing hostnames + IP addresses: > > https://libvirt.org/remote.html#Remote_TLS_server_certificates > >> >> Is there any way to make TLS migrations working under these >> circumstances? For instance, SPICE remote-viewer allows the client to >> specify the certificate subject to expect on the host when connecting to >> it using an IP address. Can (or could) libv...

...ess changes and updating the corresponding certificates whenever a >> change occurs. >> >> > If you look at our docs, we updated them to illustrate how to >> > issue certs containing hostnames + IP addresses: >> > >> > https://libvirt.org/remote.html#Remote_TLS_server_certificates >> > >> >> >> >> Is there any way to make TLS migrations working under these >> >> circumstances? For instance, SPICE remote-viewer allows the client to >> >> specify the certificate subject to expect on the host when connecting to >>...

...eld should be completely ignored by compliant TLS clients, so you are free to put whatever you want in the common name - hostname or IP address or blah... If you look at our docs, we updated them to illustrate how to issue certs containing hostnames + IP addresses: https://libvirt.org/remote.html#Remote_TLS_server_certificates > > Is there any way to make TLS migrations working under these > circumstances? For instance, SPICE remote-viewer allows the client to > specify the certificate subject to expect on the host when connecting to > it using an IP address. Can (or could) libvirt do something similar...

...th tracking IP > address changes and updating the corresponding certificates whenever a > change occurs. > > > If you look at our docs, we updated them to illustrate how to > > issue certs containing hostnames + IP addresses: > > > > https://libvirt.org/remote.html#Remote_TLS_server_certificates > > > >> > >> Is there any way to make TLS migrations working under these > >> circumstances? For instance, SPICE remote-viewer allows the client to > >> specify the certificate subject to expect on the host when connecting to > >> it using an IP...

Hi guys, I met a problem when I use tls to connect libvirt. When I set the CN in client.info, server.info as hostname(FDQN), the tls check will fail with ip; and vice versa, when set CN as ip address, the tls check will fail with hostname. Only use what we set in can succeed. If this is expected? or I there was some issue in my env. or setup steps? 1. set tls env with hostname, then it will

...the corresponding certificates whenever a >>> change occurs. >>> >>> > If you look at our docs, we updated them to illustrate how to >>> > issue certs containing hostnames + IP addresses: >>> > >>> > https://libvirt.org/remote.html#Remote_TLS_server_certificates >>> > >>> >> >>> >> Is there any way to make TLS migrations working under these >>> >> circumstances? For instance, SPICE remote-viewer allows the client to >>> >> specify the certificate subject to expect on the host when co...