xpra icon
Bug tracker and wiki

Opened 8 months ago

Closed 7 months ago

#1767 closed defect (fixed)

Cannot connect to a windows 10 pro server using SSL

Reported by: Luis Mendes Owned by: Luis Mendes
Priority: major Milestone: 2.3
Component: server Version: 2.2.x
Keywords: Cc:

Description (last modified by Antoine Martin)

The problem, described below is that I cannot connect using SSL.
With TCP it works fine.
One thing I remember is that VoidLinux seems to be using LibreSSL,
not OpenSSL.

  • 1.a. operating system on client 
    $ uname -a
Linux leao 4.9.80_1 #1 SMP PREEMPT Thu Feb 8 18:53:51 UTC 2018 x86_64 GNU/Linux

I've tried with kernel 4.14.xx and

  • 1.b. operating system on server 
    Windows 10 Pro version 1709 (OS Build 16299.192)

Pristine and legit installation, no other software installed by me.

  • 2. xpra showconfig (see attachment)

I haven't done changes, but the distribution packager might have.

  • 3. desktop environment xfce4-4.12.0
  • 4. unusual setup

client desktop is running in 4K

  • 5. network setup

Windows server is running in a KVM virtual machine in the same computer.
Tried with NAT only, now also with bridge only setup. Same behaviour.

  • 6. full command lines used both on the server and client

The windows server is running the xpra shadow service. No modifications.
The client works with TCP only:

XPRA_ALLOW_UNENCRYPTED_PASSWORDS=1 xpra attach --bind-tcp=0.0.0.0:10000  tcp://luispedro@192.168.1.60

The problem is that it doesn't work with SSL:

xpra attach --ssl-server-verify=none ssl://luispedro@192.168.1.60
2018-02-13 16:56:50,436 Xpra gtk2 client version 2.2.4-r18312 64-bit
2018-02-13 16:56:50,436  running on Linux VoidLinux rolling void
2018-02-13 16:56:50,436 Warning: failed to import opencv:
2018-02-13 16:56:50,437  No module named cv2
2018-02-13 16:56:50,437  webcam forwarding is disabled
2018-02-13 16:56:50,593 GStreamer version 1.12.4 for Python 2.7.14 64-bit
2018-02-13 16:56:50,660 Warning: cannot import gtk OpenGL module
2018-02-13 16:56:50,660  cannot import name gtkgl
2018-02-13 16:56:50,661 Warning: cannot import native OpenGL module
2018-02-13 16:56:50,661  No module named OpenGL
2018-02-13 16:56:50,661 Warning: no OpenGL backends found
SSL handshake failed: [Errno 104] Connection reset by peer

with the '-d all' debug option (last lines) - see attachment

  • 8. the environment

In the client (Linux):

$ echo $PATH
/home/lupe/bin:/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin:/usr/local/bin/fim
$ echo $LD_LIBRARY_PATH
(nothing)

In the server echo %PATH%:

C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\luis_.WIN-10-TRADING\AppData\Local\Microsoft\WindowsApps;
  • 9. xpra info 
    $ xpra info
xpra initialization error:
 cannot find any live servers to connect to
  • 10. xpra installation

In the client, from Void linux packaging system
version:

$ xpra --version
xpra v2.2.4-r18312

In the server, from the xpra download page:

Xpra 2.2.4 64 bit
revision 18312
  • 11. It's a new problem

First time trying xpra for work.

  • 12. other similar bugs

Not that I know of.

  • 13. other unusual issues

VoidLinux uses !LibreSSL.
No other that I know of.

  • 14. reproducible reliably

Everytime I try to connect with the above mentioned xpra line with SSL

Attachments (1)

xpra_bug.txt (46.4 KB) - added by Luis Mendes 8 months ago.
answer to guidelines

Download all attachments as: .zip

Change History (4)

Changed 8 months ago by Luis Mendes

Attachment: xpra_bug.txt added

answer to guidelines

comment:2 Changed 8 months ago by Antoine Martin

Component: androidserver
Description: modified (diff)
Milestone: 2.3
Owner: changed from Antoine Martin to Luis Mendes

(moving information where it can be found)

Your server log is full of stacktraces pointing straight to the issue:

Exception in thread new-tcp-connection:
Traceback (most recent call last):
  File "C:/msys64/mingw64/lib/python2.7/threading.py", line 801, in __bootstrap_inner
  File "C:/msys64/mingw64/lib/python2.7/threading.py", line 754, in run
  File "./xpra/server/server_core.py", line 847, in handle_new_connection
  File "./xpra/server/server_core.py", line 948, in may_wrap_socket
NameError: global name 'endpoint' is not defined

This error was fixed in the 2.2 branch in r18018 and this fix was included in the 2.2.4 release.

So my guess is that you're not running the server version you think you are.
Maybe you started the shadow server when an older version was installed?

comment:3 Changed 8 months ago by Antoine Martin

Description: modified (diff)

Never mind, the backport fix done in r18018 was wrong, so 2.2.4 was actually broken wrt ssl socket upgrades. r18429 should fix that, for real this time...

Sorry about that. I should have spotted that, maybe I tested with an earlier 2.2.x build, or with 2.3 RC which isn't affected.

Try the latest 2.2.5 RC or 2.3 beta builds: https://xpra.org/beta/windows.
(only the server side is affected and needs updating)

Just don't use the 2.2.x "python3" builds as those need yet another backport fix.

Last edited 8 months ago by Antoine Martin (previous) (diff)

comment:4 Changed 7 months ago by Antoine Martin

Resolution: fixed
Status: newclosed

Feel free to re-open if I've missed something.

Note: See TracTickets for help on using tickets.