Because TCP sockets can be upgraded to websockets, SSL or both (Secure websockets) - for details see #1504 and wiki/Authentication - the authentication module for the connection is not always the one expected: wrapping with websockets uses the new socket type (
ws-auth), but ssl would not! (and a wss upgrade from tcp would use ssl!)
Same problem applies to websockets upgraded to ssl (
ssl=on), or ssl sockets upgraded to secure-websockets (
Minimal? fix in r17798: keep track of the original socket type, use those authentication modules.
Backport still needed. (oh joy)
In the meantime, the easy workaround is to always make sure to set
wss-auth if you are setting
Backport in r17972.
@mamylyn: FYI, that's a bigger than usual backport.
Noted and closing.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1731