First problem is that despite having --ssl-cert=/etc/xpra/ssl-cert.pem the proxy command line doesn't specify ssl=on.
More importantly, after enabling ssl (and working around Ubuntu platform bugs: ticket:1521#comment:12), we still get an error:
socket tcp socket: ::ffff:127.0.0.1, 14500, 0, 0 <- ::ffff:127.0.0.1, 53728, 0, 0 peek: got 170 bytes
socket peek="\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03v{\xfe{\x87\x881N\xbe\x9d\xaa\x8f\x9dX\xcbo\x85\xdd\xa3\xb9\xcd6\n\x1aY\x0b\xe5\x0b\xab\x10\xaai\x00\x008\xc0,\xc00\x00\x9f\xcc\xa9\xcc\xa8\xcc\xaa\xc0+\xc0/\x00\x9e\xc0$\xc0(\x00k\xc0#\xc0'\x00g\xc0\n\xc0\x14\x009\xc0\t\xc0\x13\x003\x00\x9d\x00\x9c\x00=\x00<\x005\x00/\x00\xff\x01\x00\x00@\x00\x0b\x00\x04\x03\x00\x01\x02\x00\n\x00\x04\x00\x02\x00\x17\x00#\x00\x00\x00\r\x00 \x00\x1e\x06\x01\x06\x02\x06\x03\x05\x01\x05\x02\x05\x03\x04\x01\x04\x02\x04\x03\x03\x01\x03\x02\x03\x03\x02\x01\x02\x02\x02\x03\x00\x16\x00\x00\x00\x17\x00\x00"
socket peek hex=16030100a5010000a10303767bfe7b8788314ebe9daa8f9d58cb6f85dda3b9cd360a1a590be50bab10aa69000038c02cc030009fcca9cca8ccaac02bc02f009ec024c028006bc023c0270067c00ac0140039c009c0130033009d009c003d003c0035002f00ff01000040000b000403000102000a00040002001700230000000d0020001e0601060206030501050205030401040204030301030203030201020202030016000000170000
socket peek line1='\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03v{\xfe{\x87\x881N\xbe\x9d\xaa\x8f\x9dX\xcbo\x85\xdd\xa3\xb9\xcd6'
do_wrap_socket(<socket object, fd=12, family=10, type=1, protocol=0>, {'do_handshake_on_connect': False, 'suppress_ragged_eofs': True, 'server_side': True})
Traceback (most recent call last):
  File "/usr/lib64/python2.7/site-packages/xpra/scripts/main.py", line 2315, in do_wrap_socket
    ssl_sock = wrap_socket(tcp_socket, **kwargs)
  File "/usr/lib64/python2.7/ssl.py", line 363, in wrap_socket
    _context=self)
  File "/usr/lib64/python2.7/ssl.py", line 569, in __init__
    socket.__init__(self, _sock=sock._sock)
AttributeError: '_socket.socket' object has no attribute '_sock'
Exception in thread new-tcp-connection:
Traceback (most recent call last):
  File "/usr/lib64/python2.7/threading.py", line 804, in __bootstrap_inner
    self.run()
  File "/usr/lib64/python2.7/threading.py", line 757, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 778, in handle_new_connection
    cont, conn, peek_data = self.may_wrap_socket(conn, socktype, peek_data, line1)
  File "/usr/lib64/python2.7/site-packages/xpra/server/server_core.py", line 847, in may_wrap_socket
    sock = self._ssl_wrap_socket(sock)
  File "/usr/lib64/python2.7/site-packages/xpra/scripts/main.py", line 2321, in do_wrap_socket
    raise InitExit(EXIT_SSL_FAILURE, "Cannot wrap socket %s: %s" % (tcp_socket, e))
InitExit: Cannot wrap socket <socket object, fd=12, family=10, type=1, protocol=0>: '_socket.socket' object has no attribute '_sock'
(this error was only visible after fixing a typo in the error handler: r16806)
r16820 fixes both issues (backport to v2.1.x in r16821):
--ssl=on to proxy command line
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1636
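
The peeked bytes in the log above are the start of a TLS ClientHello, so the client side of the handshake was well-formed and the failure is in the server-side wrap. As an added example (not xpra's code), this Python 3 function decodes the record and handshake headers from such a peek; `classify_peek` and the constants are hypothetical names, and the sample input is the first 11 bytes of the logged "socket peek hex" value.

```python
import struct

# First 11 bytes of the "socket peek hex" value in the log above.
PEEK_PREFIX = bytes.fromhex("16030100a5010000a10303")

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
MAX_RECORD = 2 ** 14   # maximum plaintext record payload
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def classify_peek(data):
    """Describe a peeked TLS ClientHello, or return None when the bytes
    do not look like the start of a TLS handshake (hypothetical helper)."""
    if len(data) < 5:
        return None  # too short to hold a TLS record header
    ctype, rec_version, rec_len = struct.unpack("!BHH", data[:5])
    if ctype != TLS_HANDSHAKE or (rec_version >> 8) != 0x03:
        return None  # plaintext protocol or garbage
    if rec_len == 0 or rec_len > MAX_RECORD:
        return None  # length field outside what TLS allows
    info = {
        "record_version": VERSIONS.get(rec_version, hex(rec_version)),
        "record_bytes": 5 + rec_len,  # header plus payload
    }
    if len(data) >= 11:
        # Handshake header: 1-byte type, 3-byte length, 2-byte client version.
        if data[5] != CLIENT_HELLO:
            return None  # a server expects ClientHello first
        info["handshake_bytes"] = int.from_bytes(data[6:9], "big")
        client_version = int.from_bytes(data[9:11], "big")
        info["client_version"] = VERSIONS.get(client_version, hex(client_version))
    return info


if __name__ == "__main__":
    print(classify_peek(PEEK_PREFIX))
    print(classify_peek(b"GET / HTTP/1.1\r\n"))
```

The decoded record size (5-byte header plus 165-byte payload) matches the "got 170 bytes" in the log.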