Re: [winswitch] SSL issue (was HTML Client - howto and problems)

Mon, 20 Jun 2022 00:39:45 -0700 

--bind-tcp=0.0.0.0:14500 --html=on should do the trick, correct?

The html5 client documentation uses port 10000, which is usually free:
https://github.com/Xpra-org/xpra-html5#usage
xpra start --html=on --env=XPRA_VAAPI=0 --env=CUTTER_THRESHOLD=0 :100 --start=/home/theprogramIstartup 
"--env=XPRA_VAAPI=0" is also the default.


SSL issue now....

Server: 4.3.3 Kubuntu 20.04 XPRA HTML 5.0
Client: 4.3.3 Kubuntu 20.04 w/FF 100.0


using:


xpra start --bind-tcp=0.0.0.0:10000 --html=on 
--ssl-cert=/etc/xpra/ssl-cert.pem --ssl=on --env=XPRA_VAAPI=0 ....

You're trying to use the SSL certificate which is generated for the 
system wide proxy service, which runs as root.



Making this certificate world readable would allow anyone with access to 
the file to decrypt all SSL traffic used by this service.

FF refuses to connect, doesn't give the option to accept the self signed 
cert,


Check the /var/log....


  from tcp socket: <socket.socket fd=22, family=AddressFamily.AF_INET, 
type=SocketKind.SOCK_STREAM, proto=0, laddr=('192.168.0.z', 10000), 
raddr=('192.168.0.z', 39584)>

2022-06-15 10:36:04,273  no certificate paths specified
2022-06-15 10:36:04,273  [Errno 13] Permission denied
2022-06-15 10:36:04,281 Error: failed to create SSL socket

2022-06-15 10:36:04,281  from tcp socket: <socket.socket fd=22, 
family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, 
laddr=('192.168.0.z', 10000), raddr=('192.168.0.z', 39586)>

2022-06-15 10:36:04,281  no certificate paths specified
2022-06-15 10:36:04,282  [Errno 13] Permission denied

Ummm, but yes I did spec a path for the cert

Yes, but not a valid one. "Permission denied"


checking /etc/xpra/

/etc/xpra$ ls -larth

(..)

-rw-------   1 root root 5.2K Jul  3  2021 ssl-cert.pem

(..)


Yes, ssl-cert.pem has a cert in it, not posting it for obvious reasons...

Should this stuff really be owned by root????????

Yes.

Users should not share SSL certificates. More information here:
https://github.com/Xpra-org/xpra/blob/master/docs/Network/SSL.md

Cheers,
Antoine


Shrug?????


_______________________________________________
shifter-users mailing list
shifter-users@lists.devloop.org.uk
https://lists.devloop.org.uk/mailman/listinfo/shifter-users


_______________________________________________
shifter-users mailing list
shifter-users@lists.devloop.org.uk
https://lists.devloop.org.uk/mailman/listinfo/shifter-users






















					Reply via email to