Nir
I pushed a patch [1] which uses ssl custom code to verify the
certificates. I customized it a bit
to work with m2c. Can you please verify whether it works in your setup?
Thanks,
Piotr
[1]
On Wed, Feb 10, 2016 at 7:37 PM, Piotr Kliczewski <pkliczew(a)redhat.com> wrote:
Please try to switch to standard ssl. I need to kno2 whether it is
m2c issue
or both.
Thanks,
Piotr
10 lut 2016 19:25 "Yedidyah Bar David" <didi(a)redhat.com> napisał(a):
>
> On Wed, Feb 10, 2016 at 7:22 PM, Nir Soffer <nsoffer(a)redhat.com> wrote:
> > More details:
> >
> > - Tried couple of times
> > - Enrolled new certificate, reboot - no change
> > - Tried on 2 different hosts, 2 ways (a -> b, b -> a) - same result
> >
> > On Wed, Feb 10, 2016 at 7:19 PM, Nir Soffer <nsoffer(a)redhat.com> wrote:
> >> Hi all,
> >>
> >> Migration is broken in master, using oVirt Engine Version:
> >> 3.6.1-0.0.master.20151113175558.git6a36a6d.fc22
>
> Seems like a pretty old master to me. Perhaps try fc23 (not perfect but
> partially working) or el7.
>
> >>
> >> It fails with this error:
> >>
> >> Thread-247::ERROR::2016-02-10
> >> 18:51:57,582::migration::323::virt.vm::(run)
> >> vmId=`44ba3800-e179-4744-b9aa-952483c23030`::Failed to migrate
> >> Traceback (most recent call last):
> >> File "/usr/share/vdsm/virt/migration.py", line 292, in run
> >> self._setupVdsConnection()
> >> File "/usr/share/vdsm/virt/migration.py", line 156, in
> >> _setupVdsConnection
> >> client = self._createClient(port)
> >> File "/usr/share/vdsm/virt/migration.py", line 143, in
_createClient
> >> client_socket = utils.create_connected_socket(host, int(port),
> >> sslctx)
> >> File "/usr/lib/python2.7/site-packages/vdsm/utils.py", line 860,
in
> >> create_connected_socket
> >> sock.connect(sockaddr)
> >> File
"/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Connection.py",
> >> line 188, in connect
> >> if not check(self.get_peer_cert(), self.addr[0]):
> >> File
"/usr/lib64/python2.7/site-packages/M2Crypto/SSL/Checker.py",
> >> line 124, in __call__
> >> fieldName='commonName')
> >> WrongHost: Peer certificate commonName does not match host, expected
> >> 10.35.0.112, got
xxxxxx.tlv.redhat.com
> >>
> >> Hopefully someone can take a look.
> >>
> >> Cheers,
> >> Nir
>
>
>
> --
> Didi
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel