[zorp-hu] https

Hegedus Ferenc zorp-hu@lists.balabit.hu
Tue, 4 Mar 2003 16:14:45 +0100


Hi all,

I have a small problem with https proxying in Zorp 2.0.0.
I saw the previous mails, but I think this is something different.
Using the same zones, config and keys,
it works fine with Zorp version 1.4.8, while with 2.0.0
the client reports an SSL error.

At verbose 6 this is the interesting error message line:

Starting service; name='ServiceHttps'
Starting proxy instance; client_fd='14', client_address='AF_INET(192.168.0.9:2064)', client_zone='Zone(ZoneIntra, 192.168.0.9/32)', client_local='AF_INET(celip:443)'
Proxy starting; class='ClassSsl', module='pssl'
Server connection established; server_fd='17', server_address='AF_INET(celip:443)', server_zone='Zone(ZoneInternet, 0.0.0.0/0)', server_local='AF_INET(tuzfalip:57952)'
SSL handshake failed on the client side; error='error:140890C7:SSL routines:lib(20):SSL3_GET_CLIENT_CERTIFICATE:func(137):peer did not return a certificate:reason(199)'

I use 1.4.8 in a potato environment,
while I compiled and run 2.0.0 on woody;
tproxy is present and working.

The config in both cases:

class ClassSsl(PsslProxy):
        def config(self):
                self.server_need_ssl = TRUE
                self.client_need_ssl = TRUE
                self.client_cert = "/etc/zorp/server.crt"
                self.client_key = "/etc/zorp/server.key"
                self.stack_proxy = ClassHttp

Service("ServiceHttps", ClassSsl, router=TransparentRouter())
Listener(SockAddrInet("192.168.0.10", 4430), "ServiceHttps")

ClassHttp also looks the same in both versions.

Should I perhaps try a different openssl version?

d
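
Added example, not part of the original post and not Zorp code: a small Python script that reads log lines like the ones quoted above, unpacks the OpenSSL error number and cross-checks it against the lib/func/reason numbers printed beside it. It assumes the pre-3.0 OpenSSL error layout (8-bit library, 12-bit function, 12-bit reason); the function names are hypothetical and the sample lines are copied from the log in the post.

```python
import re

# Sample input: two lines copied from the log quoted in the post.
SAMPLE_LINES = [
    "Proxy starting; class='ClassSsl', module='pssl'",
    "SSL handshake failed on the client side; error='error:140890C7:SSL routines:"
    "lib(20):SSL3_GET_CLIENT_CERTIFICATE:func(137):"
    "peer did not return a certificate:reason(199)'",
]

KV_RE = re.compile(r"(\w+)='([^']*)'")
PRINTED_RE = re.compile(r"\b(lib|func|reason)\((\d+)\)")


def parse_zorp_line(line):
    """Split "message; key='value', ..." into (message, {key: value})."""
    message, _, rest = line.partition(";")
    return message.strip(), dict(KV_RE.findall(rest))


def decode_openssl_error(text):
    """Unpack 'error:XXXXXXXX:...' (assumed pre-3.0 OpenSSL packing) and
    compare with the lib(n)/func(n)/reason(n) numbers printed in the text."""
    m = re.match(r"error:([0-9A-Fa-f]{8}):", text)
    if m is None:
        return None
    code = int(m.group(1), 16)
    decoded = {"lib": (code >> 24) & 0xFF,
               "func": (code >> 12) & 0xFFF,
               "reason": code & 0xFFF}
    printed = {k: int(v) for k, v in PRINTED_RE.findall(text)}
    decoded["consistent"] = all(decoded[k] == v for k, v in printed.items())
    return decoded


def triage(lines):
    """Return one finding per log line that carries an OpenSSL error value."""
    findings = []
    for line in lines:
        message, fields = parse_zorp_line(line)
        err = decode_openssl_error(fields.get("error", ""))
        if err is None:
            continue
        side = "client" if "client side" in message else "other"
        # Library 20 (SSL), reason 199 is "peer did not return a certificate":
        # the TLS server end required a client certificate and received none.
        err["client_cert_required_but_missing"] = (err["lib"], err["reason"]) == (20, 199)
        findings.append({"side": side, **err})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```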