On 29/06/13 09:04 +0200, Axel Braun wrote: > Morning all, > > I'm playing around with a SSL connection to a Tryton server, > I have created a self-signed certificate and set-up the /etc/trytond.conf > accordingly: > > # Activate the json-rpc protocol > jsonrpc = localhost:8000 > ssl_jsonrpc = True > > .... > > privatekey = /etc/trytond/server.key > certificate = /etc/trytond/server.crt > > Note: In some descriptions I found a variable > > secure_netrpc = True > > which does not show up in the current trytond.conf. > Has it to be added manually or is it depreciated?
It was replaced by ssl_jsonrpc. > Then firing up the Tryton client I get the following traceback: > > Traceback (most recent call last): > File "/usr/lib/python2.7/site-packages/tryton/gui/window/dblogin.py", line > 632, in run > if not common.test_server_version(host, port): > File "/usr/lib/python2.7/site-packages/tryton/common/common.py", line 226, > in test_server_version > version = rpc.server_version(host, port) > File "/usr/lib/python2.7/site-packages/tryton/rpc.py", line 67, in > server_version > result = connection.common.server.version(None, None) > File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__ > return self.__send(self.__name, args) > File "/usr/lib/python2.7/site-packages/tryton/jsonrpc.py", line 314, in > __request > verbose=self.__verbose > File "/usr/lib/python2.7/xmlrpclib.py", line 1264, in request > return self.single_request(host, handler, request_body, verbose) > File "/usr/lib/python2.7/xmlrpclib.py", line 1294, in single_request > response = h.getresponse(buffering=True) > File "/usr/lib/python2.7/httplib.py", line 1030, in getresponse > response.begin() > File "/usr/lib/python2.7/httplib.py", line 407, in begin > version, status, reason = self._read_status() > File "/usr/lib/python2.7/httplib.py", line 371, in _read_status > raise BadStatusLine(line) > BadStatusLine: '' > > server and client run on the same machine. For testing purposes I set the > access authorisations for the server certificates to 666, but that did not > help. > Whats the problem? Can I get a more verbose error message? Probably the known_hosts [1] file has wrong information. If you used your server without ssl activated before switching, then the client stored the information that you don't use ssl for this server and then it just tries to connect in non-ssl. So just remove the line that corresponds to your server in the known_hosts file. PS: this is the same design as the openssh known_hosts. [1] http://doc.tryton.org/2.8/tryton/doc/usage.html#configuration-file -- Cédric Krier B2CK SPRL Rue de Rotterdam, 4 4000 Liège Belgium Tel: +32 472 54 46 59 Email/Jabber: [email protected] Website: http://www.b2ck.com/
pgpax3lMBDULw.pgp
Description: PGP signature
