On Tue, Mar 04, 2003 at 04:14:45PM +0100, Hegedus Ferenc wrote:
Hi all,
I have a small problem with HTTPS proxying in Zorp 2.0.0. I saw the previous mails, but I think this is something different. Using the same zones, config and keys, it works fine with Zorp version 1.4.8, while with 2.0.0 the client reports an SSL error.
At verbose level 6, this is the interesting error message line:
Starting service; name='ServiceHttps'
Starting proxy instance; client_fd='14', client_address='AF_INET(192.168.0.9:2064)', client_zone='Zone(ZoneIntra, 192.168.0.9/32)', client_local='AF_INET(celip:443)'
Proxy starting; class='ClassSsl', module='pssl'
Server connection established; server_fd='17', server_address='AF_INET(celip:443)', server_zone='Zone(ZoneInternet, 0.0.0.0/0)', server_local='AF_INET(tuzfalip:57952)'
SSL handshake failed on the client side; error='error:140890C7:SSL routines:lib(20):SSL3_GET_CLIENT_CERTIFICATE:func(137):peer did not return a certificate:reason(199)'
I use 1.4.8 in a potato environment, and I compiled and run 2.0.0 on woody; tproxy is present and working.
The config in both cases:
class ClassSsl(PsslProxy):
    def config(self):
        self.server_need_ssl = TRUE
        self.client_need_ssl = TRUE
        self.client_cert = "/etc/zorp/server.crt"
        self.client_key = "/etc/zorp/server.key"
        self.stack_proxy = ClassHttp

Service("ServiceHttps", ClassSsl, router=TransparentRouter())
Listener(SockAddrInet("192.168.0.10", 4430), "ServiceHttps")

Try the line 'self.client_verify_type = SSL_VERIFY_NONE'. Based on the error, it seems to me that the client is not sending a cert, while Zorp expects one by default. From Pssl.py:

client_verify_type -- [ENUM;Z_SSL_VERIFY:Z_SSL_VERIFY_REQUIRED_TRUSTED:W:R] Verification for the peer on the client side.

Gyula
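
Added example, not part of the original thread and not Zorp code: a small triage script that parses the handshake-failure record from the log and unpacks the OpenSSL error word (pre-3.0 layout) to confirm that the peer sent no certificate. The names unpack_err and diagnose and the SAMPLE line are constructed for this illustration.

```python
import re

# Constructed sample: the handshake-failure record from the log in the
# thread, placed on a line of its own.
SAMPLE = ("SSL handshake failed on the client side; "
          "error='error:140890C7:SSL routines:lib(20):"
          "SSL3_GET_CLIENT_CERTIFICATE:func(137):"
          "peer did not return a certificate:reason(199)'")

FIELD = re.compile(r"(\w+)='((?:[^'\\]|\\.)*)'")   # key='value' pairs
HEAD = re.compile(r"SSL handshake failed on the (client|server) side")


def unpack_err(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason).

    Layout: lib in the top 8 bits, func in the next 12, reason in the low 12.
    """
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def diagnose(line):
    """Return a dict describing an SSL handshake failure, or None."""
    msg, _, rest = line.partition(";")
    m = HEAD.match(msg.strip())
    if not m:
        return None
    side = m.group(1)
    err = dict(FIELD.findall(rest)).get("error", "")
    parts = err.split(":")
    if len(parts) < 2 or not re.fullmatch(r"[0-9A-Fa-f]{1,8}", parts[1]):
        return {"side": side, "cause": "unparsed", "raw": err}
    lib, func, reason = unpack_err(parts[1])
    # In the log, lib(20) is "SSL routines" and reason(199) is
    # "peer did not return a certificate".
    missing_cert = lib == 20 and reason == 199
    return {
        "side": side, "lib": lib, "func": func, "reason": reason,
        "cause": "peer_sent_no_certificate" if missing_cert else "other",
        # Only the client-side attribute name appears in the thread.
        "setting": "client_verify_type" if side == "client" else None,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

The unpacked values match the lib(20), func(137) and reason(199) annotations printed in the log line itself.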