SAO Webclient and SSL in trytond backend


Christoph Larsen

Sep 4, 2015, 11:55:04 AM
to tryton
Dear All,
Does the SAO web client support SSL connections to the trytond backend? I had this working before from both the GTK client AND the SAO web client, but nowadays I get the following error message as soon as I use the SAO web client ONLY (GTK client works well):

Exception happened during processing of request from ('197.157.233.82',39772)
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/SocketServer.py", line 599, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/local/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/local/lib/python2.7/SocketServer.py", line 653, in __init__
    self.setup()
  File "/usr/local/trytond_erp_synalinq/lib/python2.7/site-packages/trytond/protocols/jsonrpc.py", line 297, in setup
    self.request = SSLSocket(self.request)
  File "/usr/local/trytond_erp_synalinq/lib/python2.7/site-packages/trytond/protocols/sslsocket.py", line 13, in SSLSocket
    ssl_version=ssl.PROTOCOL_SSLv23)
  File "/usr/local/lib/python2.7/ssl.py", line 911, in wrap_socket
    ciphers=ciphers)
  File "/usr/local/lib/python2.7/ssl.py", line 522, in __init__
    self._context.load_cert_chain(certfile, keyfile)
IOError: [Errno 13] Permission denied

This is a bit confusing, as permissions seem to be fine - the GTK client continues to work well.
There is, of course, the Nginx as reverse proxy workaround, but it is still interesting to know.
Thanks a lot, indeed.
Chris



Cédric Krier

Sep 4, 2015, 12:50:04 PM
to tryton
Pretty sure that the user running trytond has no access right to the SSL
certificates.
Maybe it is your nginx server that runs the trytond code.

> [image: Cédric Krier's profile photo]
> Cédric Krier

What is that?


--
Cédric Krier - B2CK SPRL
Email/Jabber: cedric...@b2ck.com
Tel: +32 472 54 46 59
Website: http://www.b2ck.com/

Christoph Larsen

Sep 5, 2015, 7:30:06 PM
to tryton
Alas, it is not. Permissions are fine. Strangely enough, this worked prior to the last upgrade done three days ago. Admittedly, I have been running an old version of SAO for a while.
The rather cryptic cause of this is why I ask the list.
Thanks,
Chris

Christoph Larsen

Sep 6, 2015, 5:50:05 PM
to tryton

And here is the resolution: Permissions for users and groups were indeed fine. However, daemontools' setuidgid does not do the trick: unlike su, it does not respect additional group memberships and so, in this case, does not add the required additional group membership, e.g. "ssl-cert", needed for private key access. su solves this issue.
Thanks!
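
The failure described in the post above can be confirmed from the process itself rather than from the account's group list. The following is an added diagnostic, not part of the original thread: it reads the `Gid:` and `Groups:` lines of a Linux `/proc/<pid>/status` file and checks whether the process holds a given gid. The sample files, uid/gid 1001 and gid 110 (standing in for "ssl-cert") are constructed, and a key readable only by owner and group is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). The gids 1001 and 110 are made up.

# proc_gids STATUS_FILE: print every gid the process can use for file access,
# one per line: the filesystem gid (5th field of "Gid:") plus "Groups:".
proc_gids() {
    awk '
        $1 == "Gid:"    { print $5 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) print $i }
    ' "$1" | sort -un
}

# proc_has_gid STATUS_FILE GID: succeed if the process holds GID.
proc_has_gid() {
    proc_gids "$1" | grep -qx "$2"
}

# sample_status FILE "GROUPS": write a constructed, minimal status file.
sample_status() {
    printf 'Name:\ttrytond\nUid:\t1001\t1001\t1001\t1001\n' > "$1"
    printf 'Gid:\t1001\t1001\t1001\t1001\nGroups:\t%s\n' "$2" >> "$1"
}

# Demo: same user, started two ways. 110 stands in for the gid of "ssl-cert".
demo() {
    dir=$(mktemp -d)
    sample_status "$dir/setuidgid" "1001"      # supplementary groups not added
    sample_status "$dir/su" "110 1001"         # group memberships initialised
    for how in setuidgid su; do
        if proc_has_gid "$dir/$how" 110; then
            echo "$how: holds gid 110, group-readable key is accessible"
        else
            echo "$how: gid 110 missing, expect [Errno 13] on the key"
        fi
    done
    rm -rf "$dir"
}
demo

# On a live Linux host:
#   proc_has_gid "/proc/<pid>/status" "$(stat -c %g <keyfile>)"
```

Running `id` as the service user in a login shell shows the account's configured groups, not what the daemon actually received, which is why the file permissions looked fine.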

mariomop

Jan 29, 2016, 12:00:05 PM
to tryton

Hi, I'm currently using SSL with a self-signed certificate. With the GTK client everything's fine, but I'm not able to connect from sao.
In Firefox I tried to load the certificate in Certificates > Authorities, and in My certificates, with a pkcs12 file, with no luck. Maybe I'm doing something wrong?
This is what the server shows when I try to log in from Firefox:

$ trytond -c /etc/trytond.conf -v
7307 139974860535552 [2016-01-29 16:08:42,010] INFO trytond.server using /etc/trytond.conf as configuration file
7307 139974860535552 [2016-01-29 16:08:42,010] INFO trytond.server initialising distributed objects services
7307 139974860535552 [2016-01-29 16:08:42,027] INFO trytond.server starting JSON-RPC SSL protocol on *:8000
----------------------------------------
Exception happened during processing of request from ('::ffff:181.88.217.217', 57014, 0, 0)

Traceback (most recent call last):
  File "/usr/lib/python2.7/SocketServer.py", line 599, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib/python2.7/SocketServer.py", line 334, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib/python2.7/SocketServer.py", line 653, in __init__
    self.setup()
  File "/home/ceiam/.venvs/ceiam-3.0/local/lib/python2.7/site-packages/trytond/protocols/jsonrpc.py", line 297, in setup
    self.request = SSLSocket(self.request)
  File "/home/ceiam/.venvs/ceiam-3.0/local/lib/python2.7/site-packages/trytond/protocols/sslsocket.py", line 13, in SSLSocket
    ssl_version=ssl.PROTOCOL_SSLv23)
  File "/usr/lib/python2.7/ssl.py", line 891, in wrap_socket
    ciphers=ciphers)
  File "/usr/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:581)
----------------------------------------

Any hints?
Regards

mariomop

Jan 29, 2016, 12:35:04 PM
to tryton
 
OK, I forgot to prepend the 's' in https:// to the IP number.
Silly mistake.
Thanks
