xpra icon
Bug tracker and wiki

This bug tracker and wiki are being discontinued
please use https://github.com/Xpra-org/xpra instead.


Opened 22 months ago

Closed 18 months ago

Last modified 6 months ago

#2460 closed enhancement (fixed)

per socket ssl options

Reported by: Antoine Martin Owned by: Antoine Martin
Priority: major Milestone: 4.0
Component: network Version: 3.0.x
Keywords: Cc:

Description

Split from #2424: SSL wrapping is more difficult because it takes so many arguments, and we're not currently storing them but taking them from the config object directly. So they would need to be copied as attributes in the server object so we can re-use them later.

Change History (4)

comment:1 Changed 18 months ago by Antoine Martin

Status: newassigned

Client side done in r25186 + r25190 + r25191.

ie:

xpra attach "ssl://localhost:10000/?ssl-server-verify-mode=none&ssl-protocol=SSLv23"

comment:2 Changed 18 months ago by Antoine Martin

Resolution: fixed
Status: assignedclosed

Done in r25197.

Examples for server side:

xpra start --start=xterm --bind-tcp=0.0.0.0:10000,ssl-cert=./ssl-cert.pem,ssl-protocol=SSLv23 --bind-ssl=0.0.0.0:10001,ssl=cert=./ssl-cert2.pem

ie: each socket will use a different cert.

All the usual ssl options can be specified individually for each socket.
The existing --ssl-XYZ command line options are still valid and are used as default values.

For ssh, see #2583

Last edited 18 months ago by Antoine Martin (previous) (diff)

comment:3 Changed 14 months ago by Antoine Martin

Better syntax proposal in #2794

See also r27656.

Last edited 10 months ago by Antoine Martin (previous) (diff)

comment:4 Changed 6 months ago by migration script

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2460

Note: See TracTickets for help on using tickets.