diff --git a/src/etc/xpra/conf.d/12_ssl.conf.in b/src/etc/xpra/conf.d/12_ssl.conf.in index fc75f1ce24..eed9ed6a9b 100644 --- a/src/etc/xpra/conf.d/12_ssl.conf.in +++ b/src/etc/xpra/conf.d/12_ssl.conf.in @@ -3,11 +3,6 @@ # # Please refer to the python ssl module for details -# Handle SSL automatically over TCP sockets: -# (requires a certificate) -#ssl = no -#ssl = yes -ssl = auto # Key file to use: #ssl-key = /path/to/keyfile diff --git a/src/etc/xpra/conf.d/50_server_network.conf.in b/src/etc/xpra/conf.d/50_server_network.conf.in index bdfa4871fb..e4797d9076 100644 --- a/src/etc/xpra/conf.d/50_server_network.conf.in +++ b/src/etc/xpra/conf.d/50_server_network.conf.in @@ -1,13 +1,19 @@ ######################################################################## # Server Network Options: -# Where to create local sockets: -# bind=none -# bind=auto -# bind=~/.xpra/ -# bind=FILENAME -# bind=/path/to/socketfilename -# bind=/run/user/$UID/xpra/ + +######################################################################## +# local unix domain sockets: + +# Where to create the sockets: +# (can be specified multiple times to create multiple sockets, +# either a directory or a socket filename) +#bind=none +#bind=auto +#bind=~/.xpra/ +#bind=FILENAME +#bind=/path/to/socketfilename +#bind=/run/user/$UID/xpra/ bind = %(bind)s # Authentication module to use for local sockets: @@ -19,21 +25,52 @@ bind = %(bind)s #auth=sys #auth=none + +######################################################################## +# TCP: + # To listen on TCP sockets: -# bind-tcp=:10000 -# bind-tcp=0.0.0.0:10000 -# bind-tcp=192.168.0.1:10000 +#bind-tcp=:10000 +#bind-tcp=0.0.0.0:10000 +#bind-tcp=192.168.0.1:10000 -# Authentication module to use for TCP sockets: +# Authentication module to use for TCP sockets (see 'auth'): #tcp-auth=none + +######################################################################## +# SSL: +# (see also 12_ssl.conf) + +# To listen on an SSL socket: +#bind-ssl=:10001 +#bind-ssl=:443 +#bind-ssl=192.168.0.1:10001 + +# To secure SSL sockets (see 'auth'): +#ssl-auth=none + +# To support SSL on TCP sockets: +# (requires a certificate) +#ssl = no +#ssl = yes +ssl = auto + + +######################################################################## +# VSOCK: + # To listen on AF_VSOCK sockets: -# bind-vsock=auto:2000 -# bind-vsock=2:2000 +#bind-vsock=auto:2000 +#bind-vsock=2:2000 # Authentication to use for VSOCK: #vsock-auth=none + +######################################################################## +# html / tcp-proxy and mdns: + # Where to send non xpra clients: # (can be used to share the port with a web server) #tcp-proxy = 127.0.0.1:80 diff --git a/src/xpra/net/net_util.py b/src/xpra/net/net_util.py index 1024ac26bb..1585d3bb33 100755 --- a/src/xpra/net/net_util.py +++ b/src/xpra/net/net_util.py @@ -278,11 +278,11 @@ def get_ssl_info(): if v is not None: info[name] = v for k,name in { - "OPENSSL_VERSION" : "version", - "OPENSSL_VERSION_INFO" : "version-info", - "OPENSSL_VERSION_NUMBER": "version-number", + "" : "version", + "_INFO" : "version-info", + "_NUMBER" : "version-number", }.items(): - v = getattr(ssl, k, None) + v = getattr(ssl, "OPENSSL_VERSION%s" % k, None) if v is not None: info.setdefault("openssl", {})[name] = v return info diff --git a/src/xpra/server/server_core.py b/src/xpra/server/server_core.py index 2574ae202b..87501e3e1f 100644 --- a/src/xpra/server/server_core.py +++ b/src/xpra/server/server_core.py @@ -279,7 +279,7 @@ def init_html_proxy(self, opts): def init_auth(self, opts): self.auth_class = self.get_auth_module("unix-domain", opts.auth, opts) self.tcp_auth_class = self.get_auth_module("tcp", opts.tcp_auth or opts.auth, opts) - self.ssl_auth_class = self.get_auth_module("ssl", opts.ssl_auth, opts) + self.ssl_auth_class = self.get_auth_module("ssl", opts.ssl_auth or opts.tcp_auth or opts.auth, opts) self.vsock_auth_class = self.get_auth_module("vsock", opts.vsock_auth, opts) authlog("init_auth(..) auth class=%s, tcp auth class=%s, ssl auth class=%s, vsock auth class=%s", self.auth_class, self.tcp_auth_class, self.ssl_auth_class, self.vsock_auth_class)