Hi all,

I spent almost the whole day today trying to get an HTTPS proxy going that would transparently proxy HTTPS requests initiated from the internal network. First I dug through the archive and found a few examples that described this in quite some detail, and I also looked at the example in GStartedG, and based on that I put together a config that does start, so it may be syntactically correct, but something is wrong with its semantics, because it does not relay traffic.

I suppose it will also matter how I created the certificates: I left the default settings in openssl.cnf for now and did the following.

cd /etc/zorp/
CA.pl -newca
(I answered the questions properly)
openssl req -newkey rsa:2048 -keyout zorp.key -out zorp.csr
(filled these in as well)
openssl ca -in zorp.csr -out zorp.crt

After that I started Zorp with the following config:

--policy.py--
from Zorp.Core import *
from Zorp.Http import *
from Zorp.Pssl import *

Zorp.firewall_name = 'Zorp@Celsus'

InetZone("localnet", "192.168.1.0/24",
         inbound_services=["*"],
         outbound_services=["*"])

InetZone("internet", "0.0.0.0/0",
         inbound_services=["*"],
         outbound_services=["*"])

class Intra2InterHTTPS(PsslProxy):

    class EmbeddedHttp(HttpProxy):
        def config(self):
            HttpProxy.config(self)

    def config(self):
        PsslProxy.config(self)
        self.client_need_ssl = TRUE
        self.client_cert = "/etc/zorp/zorp.crt"
        self.client_key = "/etc/zorp/zorp.key"
        self.server_need_ssl = TRUE
        self.server_ca_directory = "/etc/zorp/demoCA"
        self.server_crl_directory = "/etc/zorp/demoCA/crl"
        self.server_verify_type = SSL_VERIFY_REQUIRED_TRUSTED
        self.stack_proxy = self.EmbeddedHttp

def Intra2Inter():
    Service("intra2interHTTPS", Intra2InterHTTPS)
    Listener(SockAddrInet("192.168.1.1",50443),"intra2interHTTPS")

Then, when I tried to open an HTTPS page, it generated this syslog:

--syslog--
Jul 31 17:55:36 tractor Intra2Inter[11797]: (Zorp@Celsus/intra2interHTTPS:0): Starting proxy instance; client_fd='11', client_address='AF_INET(192.168.1.4:1647)', client_zone='Zone(localnet, 192.168.1.0/24)', client_local='AF_INET(213.222.165.148:443)'
Jul 31 17:55:36 tractor Intra2Inter[11797]: (Zorp@Celsus/intra2interHTTPS:0/pssl): Proxy starting; class='Intra2InterHTTPS', module='pssl'
Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0/pssl): Server connection established; server_fd='14', server_addr='AF_INET(213.222.165.148:443)', server_zone='Zone(internet, 0.0.0.0/0)', server_local='AF_INET(195.38.115.47:4172)'
Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0/pssl): Error loading private key; keyfile='/etc/zorp/zorp.key', error='error:0906406D:PEM routines:lib(9):DEF_CALLBACK:func(100):problems getting password:reason(109)'
Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0/pssl): Error initializing SSL session on the client side;
Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0/pssl): Proxy ending; class='Intra2InterHTTPS', module='pssl'
Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0): client: accounting info; duration='0', sent='0', received='0'
Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0): server: accounting info; duration='0', sent='0', received='0'
Jul 31 17:55:36 tractor Intra2Inter[11797]: (Zorp@Celsus/intra2interHTTPS:1): Starting proxy instance; client_fd='11', client_address='AF_INET(192.168.1.4:1648)', client_zone='Zone(localnet, 192.168.1.0/24)', client_local='AF_INET(213.222.165.148:443)'
Jul 31 17:55:36 tractor Intra2Inter[11797]: (Zorp@Celsus/intra2interHTTPS:1/pssl): Proxy starting; class='Intra2InterHTTPS', module='pssl'
Jul 31 17:55:36 tractor Intra2Inter[11815]: (Zorp@Celsus/intra2interHTTPS:1/pssl): Server connection established; server_fd='14', server_addr='AF_INET(213.222.165.148:443)', server_zone='Zone(internet, 0.0.0.0/0)', server_local='AF_INET(195.38.115.47:4174)'
Jul 31 17:55:36 tractor Intra2Inter[11815]: (Zorp@Celsus/intra2interHTTPS:1/pssl): Error loading private key; keyfile='/etc/zorp/zorp.key', error='error:0906406D:PEM routines:lib(9):DEF_CALLBACK:func(100):problems getting password:reason(109)'
Jul 31 17:55:36 tractor Intra2Inter[11815]: (Zorp@Celsus/intra2interHTTPS:1/pssl): Error initializing SSL session on the client side;
Jul 31 17:55:36 tractor Intra2Inter[11815]: (Zorp@Celsus/intra2interHTTPS:1/pssl): Proxy ending; class='Intra2InterHTTPS', module='pssl'
Jul 31 17:55:36 tractor Intra2Inter[11815]: (Zorp@Celsus/intra2interHTTPS:1): client: accounting info; duration='0', sent='0', received='0'
Jul 31 17:55:36 tractor Intra2Inter[11815]: (Zorp@Celsus/intra2interHTTPS:1): server: accounting info; duration='0', sent='0', received='0'

So my question is: which step did I leave out, or where did I make a mistake in the config?

Bye,
Istvan
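
Added example, not part of the original post: the "problems getting password" error in the log above is what OpenSSL reports when a passphrase-protected PEM key is loaded by a process that cannot prompt for the passphrase. The code below extracts those failures from log lines in the quoted format and checks the PEM headers of the named key file; the function names and sample strings are constructed for illustration.

```python
import re

# Constructed sample: two lines in the format of the syslog quoted in the post.
SAMPLE_LOG = (
    "Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0/pssl): "
    "Error loading private key; keyfile='/etc/zorp/zorp.key', "
    "error='error:0906406D:PEM routines:lib(9):DEF_CALLBACK:func(100):"
    "problems getting password:reason(109)'\n"
    "Jul 31 17:55:36 tractor Intra2Inter[11814]: (Zorp@Celsus/intra2interHTTPS:0/pssl): "
    "Proxy ending; class='Intra2InterHTTPS', module='pssl'\n"
)

# "(session): message; key='value', key='value'" as seen in the quoted log.
LINE_RE = re.compile(r"\((?P<session>[^)]+)\): (?P<msg>[^;]+);(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)='([^']*)'")

def key_load_failures(log_text):
    """Return one dict per 'Error loading private key' line."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("msg").strip() != "Error loading private key":
            continue
        fields = dict(KV_RE.findall(m.group("rest")))
        found.append({
            "session": m.group("session"),
            "keyfile": fields.get("keyfile"),
            "needs_password": "problems getting password" in fields.get("error", ""),
        })
    return found

def pem_key_is_encrypted(pem_text):
    """True if the PEM headers mark the private key as passphrase-protected."""
    return ("-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text  # PKCS#8 form
            or "Proc-Type: 4,ENCRYPTED" in pem_text)             # traditional PEM form

def triage(log_text, read_file):
    """Map each key file that failed for lack of a password to its PEM encryption state."""
    result = {}
    for f in key_load_failures(log_text):
        if f["needs_password"] and f["keyfile"] not in result:
            result[f["keyfile"]] = pem_key_is_encrypted(read_file(f["keyfile"]))
    return result

if __name__ == "__main__":
    fake = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"  # constructed header, no key material
    print(triage(SAMPLE_LOG, lambda path: fake))
```

`openssl req -newkey` encrypts the new key with a passphrase unless `-nodes` is given. A key stored without a passphrase for a daemon should be readable only by the account the daemon runs as.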