[zorp-hu] https (pssl) proxy nem mux!
=?iso-8859-1?Q?Z=E1k=E1ny_Gergely?=
narancs@narancs.tii.matav.hu
Fri, 7 Sep 2001 13:17:27 +0200 (CEST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
adott a kovetkezo konfig:
class IntraHttps(PsslProxy):
class EmbeddedHttp(HttpProxy):
def config(self):
HttpProxy.config(self)
# self.strict_header_checking = 0
self.request_headers["User-Agent"] =
[HTTP_CHANGE_VALUE, "Lynx/2.8.3rel.1"]
def config(self):
self.server_need_ssl = TRUE
self.server_verify_type = SSL_VERIFY_REQUIRED
self.server_ca_directory = '/etc/zorp/cas.certs'
self.server_cert = '/etc/zorp/ca.crt'
self.client_need_ssl = TRUE
self.client_cert = '/etc/zorp/server.crt'
self.client_key = '/etc/zorp/server.key'
self.client_verify_type = 0
self.stack_proxy = self.EmbeddedHttp
- ---
minden kulcs/cert ok, iptables ok, kliens bongeszo ok,
de a logba olyan uzenet jon, hogy NameError: SSL_VERIFY akarmi, mert
kiprobaltam a referenciabol az osszeset de mindre ezt mondta.
ha self.verify_type akkor is ugyanez..
szerintem teljesen primitiv lehet a megoldas, csak hogy mi a hiba azt
nektek kellene megmondani.
Valami szintaktikai.
zorp 0.8.8., linux 2.4.x
jo lenne, ha valaki azt is elmagyarazna, hogy itt a client es a server mit
jelent a certek szempontjabol.
koszi!
- -------------------------
Zákány Gergely
IT Security Administrator
EDS Hungarian IT Security Team
"Security of information is an illusion.
What is in one's mind gets into the collective consciousness (akasha),
so that can be read with meditation ;-) You don't have to hack.
Just 'remember'! You're the one."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjuYrMsACgkQGp+ylEhMCIWTiwCff/daGkkNboWh4bXri6RQAAa3
vOEAniMBYZe3qn773FVTk4RjMEUh6LZO
=NE8A
-----END PGP SIGNATURE-----