[zorp-hu] Https nyug

Hegedüs Ervin zorp-hu@lists.balabit.hu
Sun, 2 May 2004 15:56:41 +0200 

hello,

haladok a dologgal :)

most ez a konfig:

from Zorp.Core import *
from Zorp.Plug import *
from Zorp.Http import *
from Zorp.Ftp import *
from Zorp.Pssl import *

from socket import gethostbyaddr
...
class ExtMyHTTP(HttpProxy):
	def config(self):
		HttpProxy.config(self)

		try:
			RemoteHost = gethostbyaddr (self.session.client_address.ip_s)[0];
		except:
			RemoteHost = self.session.client_address.ip_s;

		self.request_headers["X-Host"] = (HTTP_HDR_INSERT, RemoteHost)
		self.session.server_address = SockAddrInet("127.0.0.1", 80)

	def setServerAddress(self, host, port):
		self.session.setServer (SockAddrInet('127.0.0.1', 80))

class MyHTTPS(PsslProxy):
	def config(self):
		PsslProxy.config(self);
		self.client_need_ssl = TRUE;
		self.server_need_ssl = FALSE;
		self.client_cert = "/usr/local/etc/zorp/https/server.crt";
		self.client_key = "/usr/local/etc/zorp/https/server.key";
		self.copy_to_server = TRUE;
		self.copy_to_client = TRUE;
		self.stack_proxy = ExtMyHTTP;
		self.client_verify_type = SSL_VERIFY_NONE;
		self.session.server_address = SockAddrInet("127.0.0.1", 80);


...
def zorp_https():
	Service("https", MyHTTPS, router = InbandRouter());
	Listener(SockAddrInet("uuu.vvv.xxx.yyy", 443), "https");


ezzel mukodik tokeletesen.

viszont a logba ilyent nyom (bocsanat a hosszu sorokert):


May  2 14:58:19 srv zorp_https[15769]: (zorp@site/https:16/pssl): Server connection established; server_fd='118', server_address='AF_INET(127.0.0.1:80)', server_zone='Zone(local, 127.0.0.0/8)', server_local='AF_INET(127.0.0.1:36358)'
May  2 14:58:19 srv zorp_https[15769]: (zorp@site/https:16/http): Proxy starting; class='ExtMyHTTP', module='http'

idaig ok minden

May  2 14:58:31 srv zorp_https[15768]: (zorp@site/https:15/http/client_upstream): Channel read timed out; fd='112'
May  2 14:58:31 srv zorp_https[15768]: (zorp@site/https:15/http): Proxy ending; class='ExtMyHTTP', module='http'
May  2 14:58:31 srv zorp_https[15768]: (zorp@site/https:15/http/client_upstream): accounting info; type='stream', duration='12', sent='146257', received='2033'
May  2 14:58:31 srv zorp_https[15768]: (zorp@site/https:15/http/server_upstream): accounting info; type='stream', duration='12', sent='2320', received='146257'
May  2 14:58:31 srv zorp_https[15767]: (zorp@site/https:15/pssl/server): Shutdown failed; attempt='1', error='Transport endpoint is not connected'
May  2 14:58:31 srv zorp_https[15770]: (zorp@site/https:16/http/client_upstream): Channel read timed out; fd='120'
May  2 14:58:31 srv zorp_https[15769]: (zorp@site/https:16/pssl/server): Shutdown failed; attempt='1', error='Transport endpoint is not connected'
May  2 14:58:31 srv zorp_https[15770]: (zorp@site/https:16/http): Proxy ending; class='ExtMyHTTP', module='http'
May  2 14:58:31 srv zorp_https[15770]: (zorp@site/https:16/http/client_upstream): accounting info; type='stream', duration='12', sent='66390', received='767'
May  2 14:58:31 srv zorp_https[15770]: (zorp@site/https:16/http/server_upstream): accounting info; type='stream', duration='12', sent='890', received='66390'

tehat egy adag time out, es gondolom ebbol kifolyolag shutdown
failed. Ezt hogy lehet kikuszobolni, ill mitol van?

ezen kivul meg egy problema: ha specialisan IE a bongeszo, akkor
meg bonuszkent megjelenik ez:

May  2 14:59:23 srv zorp_https[15767]: (zorp@site/https:15/pssl/client): Channel read failed; error='Connection reset by peer'
May  2 14:59:23 srv zorp_https[15767]: (zorp@site/https:15/pssl/client): An OS error occurred during SSL read; error='Connection reset by peer'
May  2 14:59:23 srv zorp_https[15769]: (zorp@site/https:16/pssl/client): Channel read failed; error='Connection reset by peer'
May  2 14:59:23 srv zorp_https[15769]: (zorp@site/https:16/pssl/client): An OS error occurred during SSL read; error='Connection reset by peer'

(az idoket is bent hagytam, hatha van jelentoseguk)


Koszi:

a.



-- 
Minden baj forrása az 1/x függvény.