Xpra: Ticket #1731: inconsistent authentication handling

Because TCP sockets can be upgraded to websockets, SSL or both (Secure websockets) - for details see #1504 and wiki/Authentication - the authentication module for the connection is not always the one expected: wrapping with websockets uses the new socket type (ws-auth), but ssl would not! (and a wss upgrade from tcp would use ssl!)

Same problem applies to websockets upgraded to ssl (bind-ws with ssl=on), or ssl sockets upgraded to secure-websockets (bind-ssl with html=on).



Sat, 30 Dec 2017 09:50:31 GMT - Antoine Martin: status changed

Minimal? fix in r17798: keep track of the original socket type, use those authentication modules.

Backport still needed. (oh joy)

In the meantime, the easy workaround is to always make sure to set ssl-auth, ws-auth and wss-auth if you are setting tcp-auth.
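
A check for the workaround above, as an added example that is not part of the original ticket or of Xpra's code: it reports which of `ssl-auth`, `ws-auth` and `wss-auth` are left unset while `tcp-auth` is set. It assumes options arrive as `key = value` config lines or `--key=value` arguments; the sample inputs and the function names are constructed for illustration.

```python
# Added example: audit xpra options for the workaround described in this ticket.
UPGRADE_AUTH_OPTIONS = ("ssl-auth", "ws-auth", "wss-auth")  # names from the ticket


def parse_options(source):
    """Collect option values from conf-style text or an argv-style list.

    Assumes 'key = value' lines with '#' comment lines, or '--key=value' args.
    """
    items = source.splitlines() if isinstance(source, str) else list(source)
    options = {}
    for item in items:
        item = item.strip()
        if not item or item.startswith("#"):
            continue
        # Split on the first '=' only: auth values may contain '=' themselves.
        key, sep, value = item.partition("=")
        if not sep:
            continue  # flags without a value are irrelevant to this check
        key = key.strip().lstrip("-").lower()
        options.setdefault(key, []).append(value.strip())
    return options


def is_set(options, name):
    """True if the option appears at least once with a non-empty value."""
    return any(options.get(name, []))


def missing_upgrade_auth(source):
    """Return the *-auth options left unset although tcp-auth is set."""
    options = parse_options(source)
    if not is_set(options, "tcp-auth"):
        return []
    return [name for name in UPGRADE_AUTH_OPTIONS if not is_set(options, name)]


# Constructed sample inputs (not taken from the ticket).
SAMPLE_CONF = """\
# constructed config fragment
bind-tcp = 0.0.0.0:14500
tcp-auth = file:filename=/etc/xpra/password.txt
ws-auth = file:filename=/etc/xpra/password.txt
"""
SAMPLE_ARGV = ["--bind-tcp=0.0.0.0:14500", "--tcp-auth=env",
               "--ssl-auth=env", "--ws-auth=env", "--wss-auth=env"]

if __name__ == "__main__":
    for label, src in (("conf", SAMPLE_CONF), ("argv", SAMPLE_ARGV)):
        print(label, "missing:", missing_upgrade_auth(src) or "nothing")
```

An empty value such as `ssl-auth =` is treated as unset, so it is reported as missing.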


Thu, 11 Jan 2018 05:09:09 GMT - Antoine Martin: owner, status changed

Backport in r17972.

@mamylyn: FYI, that's a bigger than usual backport.


Thu, 11 Jan 2018 17:40:32 GMT - J. Max Mena: status changed; resolution set

Noted and closing.


Sat, 23 Jan 2021 05:32:18 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1731