I made this:

class Http_C(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.transparent_mode = 1

class HttpS_C(PsslProxy):
    def config(self):
        self.client_need_ssl = 1
        self.server_need_ssl = 1
        self.client_cert_file = "/etc/zorp/host242/cert.pem"
        self.client_key_file = "/etc/zorp/host242/key.pem"
        self.stack_proxy = Http_C

I created a certificate:

openssl req -config openssl.conf -new -x509 -keyout key.pem -out cert.pem -days 3650

The result:

firewall:/etc/zorp/host242# openssl s_client -connect xxx.xxx.xxx.xxx:443
CONNECTED(00000003)
depth=0 /C=HU/L=Budapest/O=xxx/CN=xxx/emailAddress=xxx
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=HU/L=Budapest/O=xxx/CN=xxx/emailAddress=xxx
verify return:1
6973:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
6973:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

The end of the log:

Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Reading channel; fd='23', count='5'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): data line: 16 03 01 00 07 .....
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Reading channel; fd='23', count='7'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): data line: 0B 00 00 03 00 00 00 .......
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Writing channel; fd='23', count='7'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): data line: 15 03 01 00 02 02 28 ......(
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): SSL handshake failed on the client side; error='error:140890C7:SSL routines:lib(20):SSL3_GET_CLIENT_CERTIFICATE:func(137):peer did not return a certificate:reason(199)'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): calling __destroy__() event;
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): Proxy destroy; class='HttpS_C', module='pssl'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Closing channel; fd='23'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/server): Shutdown channel; fd='26', mode='2'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/server): Closing channel; fd='26'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): Proxy ending; class='HttpS_C', module='pssl'

What am I doing wrong?

Bonus question: how can these reasonxxxx and alertnumberxxx SSL error messages be decoded?

-- 
Gabor HALASZ <halasz.g@freemail.hu>
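
On the bonus question: the "data line" hex dumps in the log are plaintext TLS records and can be decoded byte by byte. The following is an added example, not part of the original post and not Zorp code; it reassembles the bytes read from and written to the client channel and names the record, handshake and alert types. The lookup tables are a subset of the TLS registries, and the sample lines use a shortened log prefix.

```python
import re, struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSION = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate", 13: "certificate_request"}
ALERT = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca"}
LEVEL = {1: "warning", 2: "fatal"}

# Sample input: channel lines from the log above, syslog prefix shortened to "pssl/client:".
SAMPLE_LOG = [
    "pssl/client: Reading channel; fd='23', count='5'",
    "pssl/client: data line: 16 03 01 00 07 .....",
    "pssl/client: Reading channel; fd='23', count='7'",
    "pssl/client: data line: 0B 00 00 03 00 00 00 .......",
    "pssl/client: Writing channel; fd='23', count='7'",
    "pssl/client: data line: 15 03 01 00 02 02 28 ......(",
]

def hex_bytes(line):  # bytes of a 'data line:' hex dump; the ASCII column is ignored
    m = re.search(r"data line: ((?:[0-9A-Fa-f]{2} )+)", line)
    return bytes.fromhex("".join(m.group(1).split())) if m else b""

def decode_records(stream):
    """Split a plaintext byte stream into TLS records and describe each one."""
    out = []
    while len(stream) >= 5:
        ctype, version, length = struct.unpack("!BHH", stream[:5])  # 5-byte record header
        body, stream = stream[5:5 + length], stream[5 + length:]
        desc = f"{CONTENT.get(ctype, ctype)} {VERSION.get(version, hex(version))}"
        if ctype == 21 and len(body) == 2:  # alert body: level, description
            desc += f": {LEVEL.get(body[0], body[0])} {ALERT.get(body[1], body[1])} ({body[1]})"
        elif ctype == 22 and len(body) >= 4:  # handshake: 1-byte type, 3-byte length
            desc += f": {HANDSHAKE.get(body[0], body[0])}, {int.from_bytes(body[1:4], 'big')} byte body"
            if body[0] == 11 and len(body) >= 7:  # certificate: 3-byte list length
                desc += f", certificate list length {int.from_bytes(body[4:7], 'big')}"
        out.append(desc)
    return out

def decode_log(lines):
    """Reassemble the bytes read from and written to the channel, then decode both."""
    streams, direction = {"Reading": b"", "Writing": b""}, None
    for line in lines:
        m = re.search(r"(Reading|Writing) channel", line)
        direction = m.group(1) if m else direction
        if direction:
            streams[direction] += hex_bytes(line)  # empty for non-data lines
    return {d: decode_records(s) for d, s in streams.items()}

print(decode_log(SAMPLE_LOG))
```

For the sample, the read side decodes to a client Certificate handshake message with an empty certificate list, and the write side to a fatal handshake_failure alert (40, hex 28), the same number openssl s_client reports as "SSL alert number 40".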