Xpra: Ticket #1927: proxy "cannot steal a closed connection" with ssl sockets

Server started with:

sudo /usr/bin/python2 /usr/bin/xpra proxy :14500 \
    --daemon=no --tcp-auth=sys --socket-dirs=/tmp --socket-permissions=666 \
    --log-dir=/var/log --pidfile=/run/xpra.pid \
    --bind-tcp=0.0.0.0:14500 --ssl=on --ssl-cert=./cert.pem

Then an HTML5 client connecting using https requests a new session (ie: start-command: xterm).

This fails with:

Entering daemon mode; any further errors will be reported to:
  /run/user/1000/xpra/S7280.log
2018-08-01 23:16:13,686 New ssl connection received from 127.0.0.1:34398 on 0.0.0.0:14500
Actual display used: :4
Actual log file name is now: /run/user/1000/xpra/:4.log
2018-08-01 23:16:20,887 server error processing new connection from Protocol(None): cannot steal a closed connection
Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 1597, in call_hello_oked
    self.hello_oked(proto, packet, c, auth_caps)
  File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_server.py", line 188, in hello_oked
    self.proxy_auth(proto, c, auth_caps)
  File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_server.py", line 223, in proxy_auth
    self.proxy_session(client_proto, c, auth_caps, sessions)
  File "/usr/lib64/python2.7/site-packages/xpra/server/proxy/proxy_server.py", line 346, in proxy_session
    client_conn = client_proto.steal_connection(unexpected_packet)
  File "/usr/lib64/python2.7/site-packages/xpra/net/protocol.py", line 1053, in steal_connection
    assert not self._closed, "cannot steal a closed connection"
AssertionError: cannot steal a closed connection

The exact same process works when connecting using plain http instead.

Maybe we can't handover the full socket state to the new proxy instance process? Or maybe it's a blocking / non-blocking socket issue.



Thu, 02 Aug 2018 21:23:25 GMT - Antoine Martin: status changed; resolution set

Ugly but small fix in r19997. It would be better to include this hard-coded string somewhere else, in the wss / ssl only code, but I tried and that was just too messy.


Sat, 15 Feb 2020 04:42:45 GMT - Antoine Martin:

Workaround removed in v4: r25231. Works OK without.


Sat, 23 Jan 2021 05:37:31 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1927