[zorp-hu] fumbling with ssl

Gabor HALASZ zorp-hu@lists.balabit.hu
Tue, 18 Nov 2003 11:07:31 +0100


I made something like this:

class Http_C (HttpProxy):
    def config (self):
        HttpProxy.config (self)
        self.transparent_mode = 1

class HttpS_C (PsslProxy):
    def config (self):
        # SSL on both sides; the proxy presents cert.pem/key.pem to the client
        self.client_need_ssl = 1
        self.server_need_ssl = 1
        self.client_cert_file = "/etc/zorp/host242/cert.pem"
        self.client_key_file = "/etc/zorp/host242/key.pem"
        # HTTP proxy stacked into the decrypted stream
        self.stack_proxy = Http_C


I made a cert:

openssl req -config openssl.conf -new -x509 -keyout key.pem -out cert.pem -days 3650

The result:

firewall:/etc/zorp/host242# openssl s_client -connect xxx.xxx.xxx.xxx:443
CONNECTED(00000003)
depth=0 /C=HU/L=Budapest/O=xxx/CN=xxx/emailAddress=xxx
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=HU/L=Budapest/O=xxx/CN=xxx/emailAddress=xxx
verify return:1
6973:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1052:SSL alert number 40
6973:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
f

The end of the log:

Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Reading channel; fd='23', count='5'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): data line: 16 03 01 00 07  .....
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Reading channel; fd='23', count='7'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): data line: 0B 00 00 03 00 00 00   .......
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Writing channel; fd='23', count='7'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): data line: 15 03 01 00 02 02 28   ......(
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): SSL handshake failed on the client side; error='error:140890C7:SSL routines:lib(20):SSL3_GET_CLIENT_CERTIFICATE:func(137):peer did not return a certificate:reason(199)'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): calling __destroy__() event;
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): Proxy destroy; class='HttpS_C', module='pssl'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/client): Closing channel; fd='23'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/server): Shutdown channel; fd='26', mode='2'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl/server): Closing channel; fd='26'
Nov 18 10:55:41 firewall Host242[19285]: (firewall@xxx.hu/HttpS_S:0/pssl): Proxy ending; class='HttpS_C', module='pssl'

What am I doing wrong?

Bonus question:

How can these reasonxxxx and alertnumberxxx SSL error messages be decoded?


-- 
Gabor HALASZ <halasz.g@freemail.hu>
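An added example, not part of the original post or of Zorp: a small Python decoder for the two kinds of values quoted above, the raw TLS records in the pssl "data line" log entries and the packed OpenSSL error codes (the lib/func/reason split that `openssl errstr` performs). The alert and handshake type names come from the TLS RFCs; the sample inputs are the bytes copied from the log.

```python
import struct

# TLS record content types, handshake types and alert codes (RFC 2246 / RFC 5246, subset).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   13: "certificate_request", 16: "client_key_exchange", 20: "finished"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
                      48: "unknown_ca", 50: "decode_error", 70: "protocol_version",
                      80: "internal_error"}

def decode_tls_record(hex_dump):
    """Decode one TLS record given as a space-separated hex dump (header read + body read joined)."""
    data = bytes.fromhex(hex_dump.replace(" ", ""))
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    body = data[5:5 + length]
    info = {"content_type": CONTENT_TYPES.get(ctype, ctype), "version": f"{major}.{minor}", "length": length}
    if ctype == 21 and len(body) >= 2:                      # alert: level, description
        info["alert_level"] = ALERT_LEVELS.get(body[0], body[0])
        info["alert_description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
    elif ctype == 22 and len(body) >= 4:                    # handshake: type, 3-byte length
        info["handshake_type"] = HANDSHAKE_TYPES.get(body[0], body[0])
        if body[0] == 11 and len(body) >= 7:
            # Certificate message: after the 3-byte handshake length comes the
            # 3-byte certificate_list length; 0 means the peer sent no certificate.
            info["certificate_list_length"] = int.from_bytes(body[4:7], "big")
    return info

def split_openssl_error(code):
    """Split a packed OpenSSL 1.x error code into lib (8 bits), func (12 bits), reason (12 bits)."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"lib": lib, "func": func, "reason": reason}
    # SSL reasons 1000..1255 mirror a received TLS alert: reason - 1000 is the alert number.
    if 1000 <= reason <= 1255:
        out["alert"] = ALERT_DESCRIPTIONS.get(reason - 1000, reason - 1000)
    return out

if __name__ == "__main__":
    # Constructed from the log above: the client's two reads joined, then the proxy's write.
    for dump in ("16 03 01 00 07 0B 00 00 03 00 00 00", "15 03 01 00 02 02 28"):
        print(dump, "->", decode_tls_record(dump))
    # Error codes quoted in the log and in the s_client output.
    for code in (0x140890C7, 0x14094410):
        print(f"{code:08X} ->", split_openssl_error(code))
```

Run on the quoted bytes, the client's record decodes to a Certificate handshake message with an empty certificate list and the proxy's reply to a fatal handshake_failure alert, which is the same failure the error=140890C7 line reports as lib 20, func 137, reason 199.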