[Qemu-devel] help with correctly configuring vnc + websockets + tls auth

From: Alex Braunegg
Subject: [Qemu-devel] help with correctly configuring vnc + websockets + tls authentication
Date: Sat, 22 Sep 2018 12:12:30 +1000

Hi all,

I am trying to debug why NoVNC will not connect to qemu 2.12.1 via
websockets when TLS is enabled. When enabling debugging on the qemu side, I
get the following error when enabling websockets & tls using

        Handshake failed TLS handshake failed: A TLS packet with unexpected length was received.

The certs are self-signed, & work without issue for https connections, and
if I downgrade back to qemu 2.2.1 (and remove 'tls') I do not get the above
issue; websocket connections work without issue. I am well aware of the issues
with 2.2.1 in doing so - but it 'works'.

In diagnosing further, "websocket,tls,x509=/etc/pki/xen" appears to be
interpreted as tls-creds-x509 and with peer verify enabled as per
http://patchwork.ozlabs.org/patch/962375/ - I am not using a client cert,
nor need the peer to be verified.

When I look at the code for tls-creds, I see the following options are


However when I use either of these options with qemu in the following

libxl: debug: libxl_dm.c:2106:libxl__spawn_local_dm:   -object
libxl: debug: libxl_dm.c:2106:libxl__spawn_local_dm:   -vnc
libxl: debug: libxl_dm.c:2106:libxl__spawn_local_dm:,password,websocket,tls-creds=tls0,to=0

qemu fails with the following error:

        qemu-system-i386: -object
invalid option

Can anyone help advise how 'tls-creds-anon' or 'tls-creds-x509' should be
configured to use TLS certificates which are self signed and there is no
client certificate / peer is not verified?

Best regards,


