#1252: minor tweaks:

* try to clarify config files * try to prevent auth mistakes: use tcp-auth if there is no ssl-auth (so ssl=auto won't give a no-auth ssl socket!) git-svn-id: https://xpra.org/svn/Xpra/trunk@13101 3bb7dfac-3a0b-4e04-842a-767bc560f471
Xpra-org · Jul 27, 2016 · 43639a1 · 43639a1
1 parent 5951834
commit 43639a1
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 23 deletions.
diff --git a/src/etc/xpra/conf.d/12_ssl.conf.in b/src/etc/xpra/conf.d/12_ssl.conf.in
@@ -3,11 +3,6 @@
 #
 # Please refer to the python ssl module for details
 
-# Handle SSL automatically over TCP sockets:
-# (requires a certificate)
-#ssl = no
-#ssl = yes
-ssl = auto
 
 # Key file to use:
 #ssl-key = /path/to/keyfile

diff --git a/src/etc/xpra/conf.d/50_server_network.conf.in b/src/etc/xpra/conf.d/50_server_network.conf.in
@@ -1,13 +1,19 @@
 ########################################################################
 # Server Network Options:
 
-# Where to create local sockets:
-# bind=none
-# bind=auto
-# bind=~/.xpra/
-# bind=FILENAME
-# bind=/path/to/socketfilename
-# bind=/run/user/$UID/xpra/
+
+########################################################################
+# local unix domain sockets:
+
+# Where to create the sockets:
+# (can be specified multiple times to create multiple sockets,
+#  either a directory or a socket filename)
+#bind=none
+#bind=auto
+#bind=~/.xpra/
+#bind=FILENAME
+#bind=/path/to/socketfilename
+#bind=/run/user/$UID/xpra/
 bind = %(bind)s
 
 # Authentication module to use for local sockets:
@@ -19,21 +25,52 @@ bind = %(bind)s
 #auth=sys
 #auth=none
 
+
+########################################################################
+# TCP:
+
 # To listen on TCP sockets:
-# bind-tcp=:10000
-# bind-tcp=0.0.0.0:10000
-# bind-tcp=192.168.0.1:10000
+#bind-tcp=:10000
+#bind-tcp=0.0.0.0:10000
+#bind-tcp=192.168.0.1:10000
 
-# Authentication module to use for TCP sockets:
+# Authentication module to use for TCP sockets (see 'auth'):
 #tcp-auth=none
 
+
+########################################################################
+# SSL:
+# (see also 12_ssl.conf)
+
+# To listen on an SSL socket:
+#bind-ssl=:10001
+#bind-ssl=:443
+#bind-ssl=192.168.0.1:10001
+
+# To secure SSL sockets (see 'auth'):
+#ssl-auth=none
+
+# To support SSL on TCP sockets:
+# (requires a certificate)
+#ssl = no
+#ssl = yes
+ssl = auto
+
+
+########################################################################
+# VSOCK:
+
 # To listen on AF_VSOCK sockets:
-# bind-vsock=auto:2000
-# bind-vsock=2:2000
+#bind-vsock=auto:2000
+#bind-vsock=2:2000
 
 # Authentication to use for VSOCK:
 #vsock-auth=none
 
+
+########################################################################
+# html / tcp-proxy and mdns:
+
 # Where to send non xpra clients:
 # (can be used to share the port with a web server)
 #tcp-proxy = 127.0.0.1:80

diff --git a/src/xpra/net/net_util.py b/src/xpra/net/net_util.py
@@ -278,11 +278,11 @@ def get_ssl_info():
 		if v is not None:
 			info[name] = v
 	for k,name in {
-					"OPENSSL_VERSION"		: "version",
-					"OPENSSL_VERSION_INFO"	: "version-info",
-					"OPENSSL_VERSION_NUMBER": "version-number",
+					""			: "version",
+					"_INFO"		: "version-info",
+					"_NUMBER"	: "version-number",
 					}.items():
-		v = getattr(ssl, k, None)
+		v = getattr(ssl, "OPENSSL_VERSION%s" % k, None)
 		if v is not None:
 			info.setdefault("openssl", {})[name] = v
 	return info

diff --git a/src/xpra/server/server_core.py b/src/xpra/server/server_core.py
@@ -279,7 +279,7 @@ def init_html_proxy(self, opts):
     def init_auth(self, opts):
         self.auth_class = self.get_auth_module("unix-domain", opts.auth, opts)
         self.tcp_auth_class = self.get_auth_module("tcp", opts.tcp_auth or opts.auth, opts)
-        self.ssl_auth_class = self.get_auth_module("ssl", opts.ssl_auth, opts)
+        self.ssl_auth_class = self.get_auth_module("ssl", opts.ssl_auth or opts.tcp_auth or opts.auth, opts)
         self.vsock_auth_class = self.get_auth_module("vsock", opts.vsock_auth, opts)
         authlog("init_auth(..) auth class=%s, tcp auth class=%s, ssl auth class=%s, vsock auth class=%s", self.auth_class, self.tcp_auth_class, self.ssl_auth_class, self.vsock_auth_class)