Re: [zorp-hu] 3.9 ssl keybridge nem indul

On Wed, Apr 13, 2011 at 03:43:51PM +0200, Szabó Endre Zoltán wrote:

Hm hat en nem tudok ilyen proxyt kivalasztani. Biztos nem kezimunka es policy.py-ban van csak?

Nekem ott van ilyen, de a doksi is emliti: "Navigate to the Proxies tab of the Zorp ZMC component and select the SSL/TLS proxy to be used (e.g.: StrongPsslProxy, or derive a new one)." De a sajatomat hiaba probaltam "atemelni", ugyanugy elszallt az alabbi uzenettel. Ha kiszedem a StrongPsslProxy-t, akkor pedig azert obegat a logba, hogy nincs definialva az X509KeyBridge: Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.session(5): (svc/intra_Keybridge_HTTPS_inter): Starting service; name='intra_Keybridge_HTTPS_inter' Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.session(3): (svc/intra_Keybridge_HTTPS_inter:0): Starting proxy instance; client_fd='15', client_address='AF_INET(192.168.2.1:1290)', client_zone='Zone(intranet, 192.168.2.0/24)', client_local='AF_INET(62.112.211.40:443)', client_protocol='TCP' Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.session(5): (svc/intra_Keybridge_HTTPS_inter:0/http): Proxy starting; class='KeybridgeStrongHttpsProxy', proxy='http' Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.stderr(3): (stderr): Traceback (most recent call last):#012 Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.stderr(3): (stderr): File "/etc/zorp/policy.py", line 29, in config#012 Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.session(5): (svc/intra_Keybridge_HTTPS_inter:0/http): Proxy ending; class='KeybridgeStrongHttpsProxy', module='http' Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.session(4): (svc/intra_Keybridge_HTTPS_inter:0): Ending proxy instance; Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.accounting(4): (svc/intra_Keybridge_HTTPS_inter:0/http/client): accounting info; type='ZStreamFD', duration='0', sent='0', received='0' Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.stderr(3): (stderr): self.ssl.key_generator=X509KeyBridge(key_file="/etc/zorp/keybridging_cert/fwca.key", key_passphrase="12345678", cache_directory="/var/lib/zorp/ssl-bridge", trusted_ca_files=("/etc/zorp/certs/trust.crt", "/etc/zorp/certs/trust.key.nopass"), untrusted_ca_files=("/etc/zorp/certs/untrust.crt", "/etc/zorp/certs/untrust.key.nopass"))#012 Apr 13 15:45:59 squeeze-zorp39gpl zorp/zorp_https[13889]: core.stderr(3): (stderr): NameError: global name 'X509KeyBridge' is not defined#012 Szoval valaki elarulhatna, hogy akkor hogyan is kell keybridge-es ssl-t osszerakni, mert az ajanlott doksi alapjan nem akarodzik sikerulni... -- Udvozlettel Zsiga