Xpra: Ticket #2460: per socket ssl options

Split from #2424: SSL wrapping is more difficult because it takes so many arguments, and we're not currently storing them but taking them from the config object directly. So they would need to be copied as attributes in the server object so we can re-use them later.

Sat, 08 Feb 2020 10:04:36 GMT - Antoine Martin: status changed

Client side done in r25186 + r25190 + r25191.


xpra attach "ssl://localhost:10000/?ssl-server-verify-mode=none&ssl-protocol=SSLv23"

Sun, 09 Feb 2020 16:29:53 GMT - Antoine Martin: status changed; resolution set

Done in r25197.

Examples for server side:

xpra start --start=xterm --bind-tcp=,ssl-cert=./ssl-cert.pem,ssl-protocol=SSLv23 --bind-ssl=,ssl=cert=./ssl-cert2.pem

ie: each socket will use a different cert.

All the usual ssl options can be specified individually for each socket. The existing --ssl-XYZ command line options are still valid and are used as default values.

For ssh, see #2583

Wed, 03 Jun 2020 06:37:32 GMT - Antoine Martin:

Better syntax proposal in #2794

See also r27656.

Sat, 23 Jan 2021 05:51:52 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/2460