OK, I tried something slightly different. I removed the "ssl=https" (seems like
I was not reading the wiki on https://xpra.org/trac/ticket/1213 correctly).
Here is what I did :-
xpra start :17 --bind-tcp=0.0.0.0:3001 --ssl=on --ssl-cert=./fullchain.pem
--ssl-key=./privkey.pem --start=xclock
=> Simply hit the https://hostname.com. Web-browser says Secure Connection
Failed. The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.=> XPRA log is
showing:- Error: error in network packet reading/parsing^[[0m ^[[31m2017-01-02
19:11:15,446 invalid_header() takes exactly 3 arguments (4 given) Traceback
(most recent call last): File
"/usr/lib/python2.7/dist-packages/xpra/net/protocol.py", line 682, in
_read_parse_thread_loop self.do_read_parse_thread_loop() File
"/usr/lib/python2.7/dist-packages/xpra/net/protocol.py", line 725, in
do_read_parse_thread_loop=> openssl s_client -connect host:443 -- this is
showing ssl is connect and is working fine
Any idea why browser is not connecting? Do I need to provide some parameters on
the address line on the browser?
Regards,
Mukul
On Monday, January 2, 2017 5:20 PM, Mukul Agrawal via shifter-users
<[email protected]> wrote:
I got a commercial SSL certificate installed on my ubuntu xenial machine.I
tested the setup using a simple "Hello World" python https server. Everything
is woorking good. I can hit the index page using https from anywhere from
outside world.Also checked with "openssl s_client -connect" and it confiorms
that certificate is using used properly.
Now I started the xpra server following instructions here -
Encryption/SSL – Xpra
|
|
|
| | |
|
|
|
| |
Encryption/SSL – Xpra
xpra - screen for X | |
|
|
Used following command :-
xpra start :17 --start=xclock --bind-tcp=0.0.0.0:3001 --ssl=on
--ssl-cert=/path/to/fullchain.pem --ssl-key=/
path/to/privatekey.pem ssl=https
Now if I hit the webaddress from webbrowser with https, I get following error
on browser ;-
SSL received a record that exceeded the maximum permissible length. Error code:
SSL_ERROR_RX_RECORD_TOO_LONG
"openssl s_client -connect" is showing "connected" but giving an error
140770FC:SSL rountines:SSL23_GET_SERVER_HELLO:unknown_protocol:s23_clnt.c:794:
XPRA server logs are showing "invalid packet header, SSL packet?"
Any idea what is going on?I am doing iptable routing from 443 to 3001. This
works just fine with the above mentioned "Hello World" python https server. It
seems to me there is some problem with websockify's webserver is trying to
attach certificates to wrong port or network interface. Any advice on how to
debug this?
Regards,
Mukul
_______________________________________________
shifter-users mailing list
[email protected]
http://lists.devloop.org.uk/mailman/listinfo/shifter-users
_______________________________________________
shifter-users mailing list
[email protected]
http://lists.devloop.org.uk/mailman/listinfo/shifter-users
