AGPL spice-web-client is a spice html5 library from eyeos with another fork from flexvdi. I have tested them with libvirt (no encryption/authentication) and they really work great. I want to use them with Ovirt since spice-html5 is under-performant. However with ovirt I have to deal with authentication and ssl encryption. Since the OVirt certificate is self signed I cannot really ask users to import it (anyway that didn't work when I tried as it is missing the root certificate from the download link on the OVirt web admin console). 

So far I am able to get a proxy setup using websockify and provide my own certificate and proxy it back to libvirt. I identified from the console.vv file the minimum fields remote-viewer needs to make a secure connection to OVirt. Now I need my websockyproxy to do the same

Any help on getting this working will be appreciated. I haven't found any documentation on how this is working. I am ready to read remote-viewer code to try to figure out though

Thanks

On Fri, Mar 19, 2021 at 8:22 AM Michal Skrivanek <michal.skrivanek@redhat.com> wrote:
Hi,

> On 19. 3. 2021, at 3:56, Pascal D <pascal@butterflyit.com> wrote:
>
> Hi,
>
> I am trying to get the spice-web-client working with ovirt.

what is spice-web-client?

> One area where I am having difficulties is authentication.Looking at remote-viewer on linux I am able to see that the minimum fields to have a successful spice connection are the following:
>
> [virt-viewer]
> type=spice
> host=70.xxx.176.xxx
> port=5914
> password=WQJQWCo+s8tK
> tls-port=5915
> tls-ciphers=DEFAULT
> host-subject=O=xxxx.com,CN=d1c1v5.xxx.net
> ca=-----BEGIN CERTIFICATE-----\nMIIDzDCCArSgAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwSzELMAkGA1UEBhMCVVMxGDAWBgNVBAoM\nD2J1dHRlcmZseWl0LmNvbTEiMCAGA1UEAwwZb3YxLmJ1dHRlcmZseWl0LmNvbS40NTQ2NTAeFw0x\nOTA2MDQwMDMyMDVaFw0yOTA2MDIwMDMyMxxxxxxxxxxxxxxxxxxxxxxxxdXR0\nZXJmbHlpdC5jb20xIjAgBgNVBAMMGW92MS5idXR0ZXJmbHlpdC5jb20uNDU0NjUwggEiMA0GCSqG\nSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD218EJkIJewgmeDFcUM7vEQ3RQ4nL9ZNEg+zORlruLKON\neZRDfgXei3XTt+VFUNTrxBjepf+yN3WjhVP+lDeDveZU/3OYKj9dSewlz7Mj1XTKE8DXDMIGYc79\nXUrcSoiEjCRG1eB+w+uyP4WK0AlJwGKav3AZuU5awjvYAftkW0RhOgdjp80ofuoC3K9TUPPjemtw\n3EWb4bjRcWiDUj8owfhhAHnb4RfacUSMQmYpVJ5YfRunYrCOixlOeGx7PkvXLqWmu2Rnrnk7TNn6\nv74fHh3ruHmZHLk2i6/yNoOAiJC/M8piCGZ3tiOcnPcYF2ZoX+Ud6BV69Hp6SxnF/eCXAgMBAAGj\ngbkwgbYwHQYDVR0OBBYEFAlrTpLGY5Dq6gtA7d7CXc1QAFmOMHQGA1UdIwRtMGuAFAlrTpLGY5Dq\n6gtA7d7CXc1QAFmOoU+kTTBLMQswCQYDVQQGEwJVUzEYMBYGA1UECgwPYnV0dGVyZmx5aXQuY29t\nMSIwIAYDVQQDDBlvdjEuYnV0dGVyZmx5aXQuY29tLjQ1NDY1ggIQADAPBgNVHRMBAf8EBTADAQH/\nMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCA
> QEAoC8Nx/s4Uafgc3iyzxbLPb/chQ8U\n7+lULXTq+ZLOuMDdu6UKt7qKZpJZK8ZhjFh/1yVOnpzm7Np+oP7TQlOUkup8X4HsfAwrCgNK1IT1\nETdbdMYD8HYFjxz/0xbnMkJAHfPEh1vtqplw3YhVgiAZfZfT8HzVY/xGkjurvxSyVjBSbn+4uao1\n6W9URt2rWTHn+XxoT+j+cx8vv1WKsynlMBtUjCFy8eR7ZDngRcM/9iRkRCGHJvWJmi1CRrQeE5RZ\nvBH0zE64J3cOJj4BSlN3wOYWiRq28XLB9epDDyZaRpnsqLCOq/+/LscM7iPW1acdCoCu68nJUwTQ\nh1Jh7vQjCQ==\n-----END CERTIFICATE-----\n
>
>
> with this I can successfully connect to a vm. Now I would like to do the same from spice-web-client but websockify doesn't give me a tls-port. 

a tls-port for what? the one in .vv file is the qemu/spice-server tls port

> How to could I implement this? Is there a wrapper that exists that I can pass to websockify to do the authentication on the port + 1 (it seems it is always the next port)

the authentication in .vv file is for the SPICE protocol. it’s for the “spice-web-client” to implement that.

Thanks,
michal

>
> Thanks in advance for your help
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-leave@ovirt.org
> Privacy Statement: https://www.ovirt.org/privacy-policy.html
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/B7MIZRV5PHVVVMAX3GQSZCAYDUZI4HH7/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/YPZ5CFLOXUFBKOAVBTLBRBMI5MOX3V75/