[zorp-hu] https
Kerekes Gyula
zorp-hu@lists.balabit.hu
Tue, 4 Mar 2003 16:27:36 +0100
On Tue, Mar 04, 2003 at 04:14:45PM +0100, Hegedus Ferenc wrote:
> Hi all,
>
> I have a small problem with HTTPS proxying in Zorp 2.0.0.
> I saw the previous mails, but I think this is something different.
> With the same zones, config and keys it works fine
> with Zorp version 1.4.8, while with 2.0.0
> the client reports an SSL error.
>
> At verbose 6, this is the interesting error message line:
>
> Starting service; name='ServiceHttps'
> Starting proxy instance; client_fd='14', client_address='AF_INET(192.168.0.9:2064)', client_zone='Zone(ZoneIntra, 192.168.0.9/32)', client_local='AF_INET(celip:443)'
> Proxy starting; class='ClassSsl', module='pssl'
> Server connection established; server_fd='17', server_address='AF_INET(celip:443)', server_zone='Zone(ZoneInternet, 0.0.0.0/0)', server_local='AF_INET(tuzfalip:57952)'
> SSL handshake failed on the client side; error='error:140890C7:SSL routines:lib(20):SSL3_GET_CLIENT_CERTIFICATE:func(137):peer did not return a certificate:reason(199)'
>
> I use 1.4.8 in a potato environment,
> and I compiled and run 2.0.0 on woody;
> tproxy is present and works.
>
> The config in both cases:
>
> class ClassSsl(PsslProxy):
>     def config(self):
>         self.server_need_ssl = TRUE
>         self.client_need_ssl = TRUE
>         self.client_cert = "/etc/zorp/server.crt"
>         self.client_key = "/etc/zorp/server.key"
>         self.stack_proxy = ClassHttp
>
> Service("ServiceHttps", ClassSsl, router=TransparentRouter())
> Listener(SockAddrInet("192.168.0.10", 4430), "ServiceHttps")
Try the line 'self.client_verify_type = SSL_VERIFY_NONE'.
Based on the error, it seems to me that the client does not send a cert, while
Zorp expects one by default.
From Pssl.py:
client_verify_type -- [ENUM;Z_SSL_VERIFY:Z_SSL_VERIFY_REQUIRED_TRUSTED:W:R]
Verification for the peer on the client side.
Gyula
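
The error line quoted in this thread, decoded, as an added example that is not part of the original post and not Zorp code. It assumes the pre-3.0 OpenSSL packed error layout (8-bit library, 12-bit function, 12-bit reason); `unpack` and `diagnose` are hypothetical helper names, and the sample line is copied from the log above.

```python
import re

# Sample input: the failing line from the log quoted in the thread.
SAMPLE = ("SSL handshake failed on the client side; "
          "error='error:140890C7:SSL routines:lib(20):"
          "SSL3_GET_CLIENT_CERTIFICATE:func(137):"
          "peer did not return a certificate:reason(199)'")

LINE_RE = re.compile(
    r"SSL handshake failed on the (?P<side>client|server) side; "
    r"error='error:(?P<code>[0-9A-Fa-f]{8}):(?P<text>[^']*)'")
FIELD_RE = re.compile(r"(lib|func|reason)\((\d+)\)")


def unpack(code):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def diagnose(line):
    """Describe an SSL handshake failure line, or return None if it is not one."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    lib, func, reason = unpack(int(m.group("code"), 16))
    decoded = {"lib": lib, "func": func, "reason": reason}
    # Cross-check the hex code against the lib(N)/func(N)/reason(N) fields
    # that the log line prints alongside it.
    printed = {k: int(v) for k, v in FIELD_RE.findall(m.group("text"))}
    consistent = all(printed.get(k, v) == v for k, v in decoded.items())
    hint = None
    if (m.group("side") == "client"
            and "peer did not return a certificate" in m.group("text")):
        # The proxy asked the connecting client for a certificate and got
        # none: the situation the reply attributes to client_verify_type.
        hint = "client sent no certificate; check client_verify_type"
    return {"side": m.group("side"), "decoded": decoded,
            "consistent": consistent, "hint": hint}


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```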