per socket ssl options #2460

Closed
totaam opened this issue Oct 22, 2019 · 6 comments

totaam commented Oct 22, 2019

Issue migrated from trac ticket # 2460

component: network | priority: major | resolution: fixed

2019-10-22 10:08:25: antoine created the issue


Split from #2424: SSL wrapping is more difficult because it takes so many arguments, and we're not currently storing them but taking them from the config object directly. So they would need to be copied as attributes in the server object so we can re-use them later.

totaam commented Feb 8, 2020

2020-02-08 10:04:37: antoine changed status from new to assigned

totaam commented Feb 8, 2020

2020-02-08 10:04:37: antoine commented


Client side done in r25186 + r25190 + r25191.

ie:

xpra attach "ssl://localhost:10000/?ssl-server-verify-mode=none&ssl-protocol=SSLv23"

totaam commented Feb 9, 2020

2020-02-09 16:29:54: antoine changed status from assigned to closed

totaam commented Feb 9, 2020

2020-02-09 16:29:54: antoine set resolution to fixed

totaam commented Feb 9, 2020

2020-02-09 16:29:54: antoine commented


Done in r25197.

Examples for server side:

xpra start --start=xterm --bind-tcp=0.0.0.0:10000,ssl-cert=./ssl-cert.pem,ssl-protocol=SSLv23 --bind-ssl=0.0.0.0:10001,ssl-cert=./ssl-cert2.pem

ie: each socket will use a different cert.

All the usual ssl options can be specified individually for each socket.
The existing --ssl-XYZ command line options are still valid and are used as default values.

For ssh, see #2583

@totaam totaam closed this as completed Feb 9, 2020
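
An added example, not xpra's own code: a sketch of the precedence described in the comment above (per-socket ssl options override the global --ssl-XYZ values), with a check that reports a disabled server verify mode and keys that are not ssl-* options. The function names, the default values and the mistyped bind string in the demo are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed stand-ins for the global --ssl-XYZ defaults (values are assumptions).
GLOBAL_SSL = {"ssl-cert": "./default.pem", "ssl-server-verify-mode": "required"}


def split_ssl(pairs):
    """Separate ssl-* options from other keys so a typo stays visible."""
    ssl_opts, other = {}, {}
    for key, value in pairs:
        (ssl_opts if key.startswith("ssl-") else other)[key] = value
    return ssl_opts, other


def parse_bind(value):
    """Parse 'host:port,key=value,...' as given to --bind-tcp / --bind-ssl."""
    address, *items = value.split(",")
    pairs = [item.partition("=")[::2] for item in items]
    return (address, *split_ssl(pairs))


def parse_attach_url(url):
    """Parse the query string form used on the client side."""
    parts = urlsplit(url)
    return (parts.netloc, *split_ssl(parse_qsl(parts.query)))


def effective(per_socket, defaults=GLOBAL_SSL):
    """Per-socket values win; the global values fill in the rest."""
    return {**defaults, **per_socket}


def audit(endpoint, ssl_opts, other):
    """Return findings a reviewer would want before deploying the endpoint."""
    findings = [f"{endpoint}: {key!r} is not an ssl-* option" for key in other]
    if effective(ssl_opts).get("ssl-server-verify-mode") == "none":
        findings.append(f"{endpoint}: server certificate is not verified")
    return findings


if __name__ == "__main__":
    samples = [
        parse_bind("0.0.0.0:10000,ssl-cert=./ssl-cert.pem,ssl-protocol=SSLv23"),
        parse_bind("0.0.0.0:10001,ssl=cert=./ssl-cert2.pem"),  # constructed typo
        parse_attach_url("ssl://localhost:10000/?ssl-server-verify-mode=none&ssl-protocol=SSLv23"),
    ]
    for endpoint, ssl_opts, other in samples:
        print(endpoint, effective(ssl_opts), audit(endpoint, ssl_opts, other))
```
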
totaam commented Jun 3, 2020

2020-06-03 07:37:32: antoine commented


Better syntax proposal in #2794

See also r27656.
