[zorp-hu] Https nyug

Hegedüs Ervin zorp-hu@lists.balabit.hu
Sun, 2 May 2004 10:33:05 +0200


hello,

adott egy szerver, localhoston figyel az httpd, egy Zorp 2.0.2
vedi (transzparens mod nelkul)

szeretnek egy https kapcsolatot proxyzni oly modon, h a Zorp es a
httpd kozott nincs titkositas, csak a kliens-Zorp kozott.

Az alabbi konfigot hasznalom:

from Zorp.Core import *
from Zorp.Plug import *
from Zorp.Http import *
from Zorp.Ftp import *
from Zorp.Pssl import *

from socket import gethostbyaddr

...
# ez az osztaly nativ HTTP eseten mar mukodik
class MyHTTP(HttpProxy):
	def config(self):
		HttpProxy.config(self);
		try:
		        RemoteHost = gethostbyaddr (self.session.client_address.ip_s)[0];
		except:
		        RemoteHost = self.session.client_address.ip_s;

		self.request_headers["X-Host"] = (HTTP_HDR_INSERT, RemoteHost)
		self.session.server_address = SockAddrInet("127.0.0.1", 80)

		def setServerAddress(self, host, port):
		self.session.setServer (SockAddrInet('127.0.0.1', 80))

# a meglevo HTTP osztalyt probalom stackelni ssl-be:
class MyHTTPS(PsslProxy)
        def config(self):
		self.client_need_ssl = TRUE;
		self.server_need_ssl = FALSE;
		self.client_cert = "/usr/local/etc/zorp/zorp.cert";
                self.client_key = "/usr/local/etc/zorp/zorp.key";
		self.copy_to_server = TRUE;
		self.copy_to_client = TRUE;
		self.stack_proxy = MyHTTP

...

def zorp_https():
        Service("https", MyHTTPS, router = InbandRouter());
	Listener(SockAddrInet("vvv.xxx.yyy.zzz",443), "https");


a'm 9-es debuggal az alabbi eredmenyt kapom:
(a dump infokat nem copyztam be...)


zorp_https[8005]: (zorp@site/https:0/pssl): calling __startup__() event;
zorp_https[8005]: (zorp@site/https:0/pssl): calling startUp() event;
zorp_https[8001]: (Log thread): Traceback (most recent call last):
zorp_https[8001]: (Log thread):   File "/usr/local/share/zorp/pylib/Zorp/Proxy.py", line 248, in connectServer
zorp_https[8005]: (zorp@site/https:0/pssl): calling __destroy__() event;
zorp_https[8005]: (zorp@site/https:0/pssl): Proxy destroy; class='MyHTTPS', module='pssl'
zorp_https[8005]: (zorp@site/https:0/pssl/client): Shutdown channel; fd='17', mode='2'
zorp_https[8005]: (zorp@site/https:0/pssl/client): Closing channel; fd='17'
zorp_https[8005]: (zorp@site/https:0/pssl): Proxy ending; class='MyHTTPS', module='pssl'
zorp_https[8005]: (zorp@site/https:0/pssl/client): accounting info; type='stream', duration='0', sent='0', received='0'
zorp_https[8005]: (zorp@site/https:0/pssl): thread exiting;
zorp_https[8001]: (Log thread): self.session.chainer.chainParent(self.session)
zorp_https[8001]: (Log thread):   File "/usr/local/share/zorp/pylib/Zorp/Chainer.py", line 181, in chainParent
zorp_https[8001]: (Log thread):     remote = session.server_address.clone(0)
zorp_https[8001]: (Log thread): AttributeError: 'None' object has no attribute 'clone'

probaltam az ssl osztalyban igy is:
	self.copy_to_server = FALSE

az eredmeny full ua.


mit benazok?


koszi:

a.



-- 
Minden baj forrása az 1/x függvény.