How does TLS/VenCrypt work?

[John Haxby <john haxby oracle com>]

Hello All,

I suspect I'm missing something simple, but I can't work out how to get 
an X.509 encrypted session to work; I'm trying to connect to a qemu 
monitor and I can get anonymous TLS working without too much trouble, 
but X.509 is giving me grief.

Both vinagre and gvncviewer.py log this and then hang:

gtk-vnc: Protocol initialization
gtk-vnc: Server version: 3.8
gtk-vnc: Using version: 3.8
gtk-vnc: Possible auth 19
gtk-vnc: Thinking about auth type 19
gtk-vnc: Decided on auth type 19
gtk-vnc: Waiting for auth type
gtk-vnc: Choose auth 19
gtk-vnc: Possible auth 261
gtk-vnc: Requested auth subtype 261
gtk-vnc: Waiting for auth subtype
gtk-vnc: Choose auth 261
gtk-vnc: Do TLS handshake
gtk-vnc: Requesting missing credentials
gtk-vnc: Waiting for missing credentials

and gvncviewer.c rings the changes and ends like this instead:

(gvncviewer:26333): gtk-vnc-DEBUG: Choose auth 19
(gvncviewer:26333): gtk-vnc-DEBUG: Possible auth 261
(gvncviewer:26333): gtk-vnc-DEBUG: Requested auth subtype 261
(gvncviewer:26333): gtk-vnc-DEBUG: Waiting for auth subtype
(gvncviewer:26333): gtk-vnc-DEBUG: Choose auth 261
(gvncviewer:26333): gtk-vnc-DEBUG: Do TLS handshake
(gvncviewer:26333): gtk-vnc-DEBUG: Requesting missing credentials
Got credential request for 1 credential(s)
Failed to set credential type 2
(gvncviewer:26333): gtk-vnc-DEBUG: Requesting graceful shutdown of 
connection
(gvncviewer:26333): gtk-vnc-DEBUG: Waking up couroutine to shutdown 
gracefully
(gvncviewer:26333): gtk-vnc-DEBUG: Could not start TLS
(gvncviewer:26333): gtk-vnc-DEBUG: Auth failed
(gvncviewer:26333): gtk-vnc-DEBUG: Doing final VNC cleanup
Disconnected from server


I'm a bit of a novice with gtk (and python gtk) but I believe I need to 
register a callback for a certificate (the CA certificate for the 
server's cert?) -- I just don't know how and there doesn't seem to be 
anything in the python gtk-vnc that is geared towards this.

jch