qemu-devel
[Qemu-devel] help with correctly configuring vnc + websockets + tls auth


From: Alex Braunegg
Subject: [Qemu-devel] help with correctly configuring vnc + websockets + tls authentication
Date: Sat, 22 Sep 2018 12:12:30 +1000

Hi all,

I am trying to debug why NoVNC will not connect to qemu 2.12.1 via
websockets when TLS is enabled. When enabling debugging on the qemu side, I
get the following error when enabling websockets & tls using
"websocket,tls,x509=/etc/pki/xen"

        Handshake failed TLS handshake failed: A TLS packet with unexpected length was received.

The certs are self-signed & work without issue for https connections, and
if I downgrade back to qemu 2.2.1 (and remove 'tls') I do not get the above
issue; websocket connections work without issue. I am well aware of the issues
with 2.2.1 in doing so - but it 'works'.

In diagnosing further, "websocket,tls,x509=/etc/pki/xen" appears to be
interpreted as tls-creds-x509 and with peer verify enabled as per
http://patchwork.ozlabs.org/patch/962375/ - I am not using a client cert,
nor need the peer to be verified.

When I look at the code for tls-creds, I see the following options are
available:

        -object tls-creds-anon,address@hidden,address@hidden,address@hidden/path/to/cred/dir},address@hidden|off}
        -object tls-creds-x509,address@hidden,address@hidden,address@hidden/path/to/cred/dir},address@hidden,address@hidden|off},address@hidden

However when I use either of these options with qemu in the following
manner:

libxl: debug: libxl_dm.c:2106:libxl__spawn_local_dm:   -object
tls-creds-anon,id=tls0,endpoint=server,dir=/etc/pki/xen,verify-peer=off
libxl: debug: libxl_dm.c:2106:libxl__spawn_local_dm:   -vnc
libxl: debug: libxl_dm.c:2106:libxl__spawn_local_dm:   0.0.0.0:0,password,websocket,tls-creds=tls0,to=0

qemu fails with the following error:

        qemu-system-i386: -object tls-creds-anon,id=tls0,endpoint=server,dir=/etc/pki/xen,verify-peer=off: invalid option

Can anyone help advise how 'tls-creds-anon' or 'tls-creds-x509' should be
configured to use TLS certificates which are self signed and there is no
client certificate / peer is not verified?

Best regards,

Alex






