On Mon, 01 Jun 2026 22:49:12 +0300 Adrian Bunk <[email protected]> wrote:
Source: freerdp3
Version: 3.26.0+dfsg-1
Severity: serious
Control: block 1134339 by -1
Control: affects -1 src:xrdp
https://ci.debian.net/packages/f/freerdp3/testing/amd64/71709881/...
The problem here is, on the xrrdp side:
[2026-07-09T21:01:39.699+0300] [INFO ] Client requested security types (RDP
assumed) : SSL
[2026-07-09T21:01:39.700+0300] [WARN ] Cannot accept TLS connections because certificate or private key file is not readable. certificate file:
[/etc/xrdp/cert.pem], private key file: [/etc/xrdp/key.pem]
By default, xrdp installs /etc/xrdp/key.pem as a symlink to
/etc/ssl/private/ssl-cert-snakeoil.key. But this file is
unreadable by the user xrdp running as (xrdp:xrdp). So
xrdp can't read its tls key, and fails.
It fails not just with freerdp testsuite. It fails *all* the
time, for any tls connection, by default.
I dunno how this prob should be solved properly. But currently,
xrdp is unusable with default settings.
Thanks,
/mjt