| 86 | |
| 87 | |
| 88 | {{{ |
| 89 | == Securing with self-signed certificates == |
| 90 | |
| 91 | See [https://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software] and [https://blog.sucuri.net/2016/03/beware-unverified-tls-certificates-php-python.html Beware of Unverified TLS Certificates in PHP & Python]. |
| 92 | See also: [https://lwn.net/Articles/666353/ Fallout from the Python certificate verification change]. |
| 93 | |
| 94 | Since the server certificate will not be signed by any recognized certificate authority, you will need to send the ca_cert file to the client via some other means... This will not be handled by xpra, it simply cannot be. (Same as the AES key, at which point... you might as well use AES.) |
| 95 | |
| 96 | See [https://carlo-hamalainen.net/blog/2013/1/24/python-ssl-socket-echo-test-with-self-signed-certificate Python SSL socket echo test with self-signed certificate] for generating this x509 keystore. (''server.crt'' in this example). |
| 97 | }}} |