On Tue, 2008-02-19 at 18:56 -0500, David Yerger wrote:
Thanks for your help, I think we are getting there! Choking on proxy stacking though, see below:
Bazsi wrote:
You probably don't need server side keys as you disabled encryption. You want the same on the client side, e.g. you'd need
client_keypair_files,
however the 'keypair' attributes were only added because of the GUI of the professional version, you need these:
client_key_file -- [STRING:"":RW:R] Client side authentication private key corresponding to 'client_cert_file'.
client_cert_file -- [STRING:"":RW:R] Filename of the client side authentication certificate in PEM format. This must be a server certificate, since for clients the proxy behaves as it were an SSL server.
OK, did that, also stripped the PEM passphrase from my private key so Zorp could read it--
Then was seeing
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl): Client side SSL handshake successful;
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl): Stacking subproxy; client='19:20', server='21:22'
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): Traceback (most recent call last):
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): File "/usr/share/zorp/pylib/Zorp/Proxy.py", line 425, in stackProxy
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): proxyLog(self, CORE_DEBUG, 7, "Stacking child proxy; client_fd='%d', server_fd='%d', class='%s'", (client_stream.fd, server_stream.fd, proxy_class.__name__))
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): AttributeError: 'tuple' object has no attribute '__name__'
Looked again at the example in http://www.balabit.com/network-security/zorp-gateway/gpl/tutorial/, looks like for Zorp GPL the correct form is
self.stack_proxy = OWAHttpProxy
instead of
self.stack_proxy = (Z_STACK_PROXY, OWAHttpProxy)
Hm... this should also work for the GPLd version, let me check...

You are right, it indeed does not work, as the stacking generalization that was done in the Pro version was not released as part of the GPLd version.

I'm checking in a patch that will allow the use of the same format (e.g. the tuple based format), while retaining the program & remote stacking features.

Thanks for noticing and reporting this.

-- Bazsi