[zorp-hu] 3.9 ssl keybridge does not start

KOVACS Krisztian hidden at balabit.hu
Wed, Apr 13, 2011, 15:51:30 CEST


Hi all,

On 04/13/2011 11:41 AM, Kosa Attila wrote:
> I took the config from the documentation named
> zorp-gateway-v3.3FR1-tutorial-ssl-en.pdf, which you recommended:
> 
> from Zorp.Core import *
> from Zorp.Pssl import *
> from Zorp.Http import *
> 
> 
> InetZone("intranet", "192.168.2.0/24",
>         inbound_services=[],
>         outbound_services=["intra_Keybridge_HTTPS_inter"])
> 
> InetZone("internet", "0.0.0.0/0",
>         inbound_services=["intra_Keybridge_HTTPS_inter"],
>         outbound_services=[])
> 
> class StrongHttpsProxy(HttpProxy):
>         def config(self):
>                 HttpProxy.config(self)
>                 self.ssl.client_keypair_files=("/etc/ssl/certs/fw.akarmi.hu.crt", "/etc/ssl/private/fw.akarmi.hu.key")
>                 self.ssl.client_verify_type=SSL_VERIFY_NONE
>                 self.ssl.client_connection_security = SSL_FORCE_SSL
>                 self.ssl.server_connection_security = SSL_FORCE_SSL
>                 self.ssl.server_cagroup_directories=("/etc/zorp/ca.crt", "/etc/zorp/crls/")
>                 self.ssl.server_ssl_method=SSL_METHOD_ALL
>                 self.ssl.server_disable_proto_sslv2=TRUE
>                 self.ssl.server_ssl_cipher=SSL_CIPHERS_HIGH
>                 self.ssl.server_verify_type=SSL_VERIFY_REQUIRED_UNTRUSTED
> 
> 
> class KeybrideStrongHttpsProxy(StrongHttpsProxy):
>         def config(self):
>                 StrongPsslProxy.config(self)

Change the line above to 'StrongHttpsProxy.config(self)'.

After all, the point here is that it calls the config method of the parent
class, so the parent class's name is what has to be written before .config(self).

>                 self.handshake_seq=PSSL_HSO_SERVER_CLIENT
>                 self.client_keypair_generate=TRUE
>                 self.ssl.key_generator=X509KeyBridge(key_file="/etc/zorp/keybridging_cert/fwca.key", key_passphrase="jelszo", cache_directory="/var/lib/zorp/ssl-bridge", trusted_ca_files=("/etc/zorp/certs/trust.crt", "/etc/zorp/certs/trust.key.nopass"), untrusted_ca_files=("/etc/zorp/certs/untrust.crt", "/etc/zorp/certs/untrust.key.nopass"))
> 
> def ssl_keybridge() :
>         Service(name="intra_Keybridge_HTTPS_inter", proxy_class=KeybrideStrongHttpsProxy, router=TransparentRouter(overrideable=FALSE, forge_addr=TRUE))
> 
>         Dispatcher(bindto=SockAddrInet('192.168.2.254', 50443), service="intra_Keybridge_HTTPS_inter", transparent=TRUE, threaded=FALSE, backlog=255)
> 

-- 
KOVACS Krisztian
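
Added example, not part of the original message and not Zorp code: a small check that flags the mistake discussed above, a config() method calling X.config(self) where X is not a declared base class of the enclosing class. Python resolves that name only when config() runs, so the policy file still parses. The function name find_wrong_parent_calls is hypothetical, the sample policy is a constructed, trimmed copy of the quoted one, and ast.unparse assumes Python 3.9 or later.

```python
import ast

# Constructed sample: trimmed copy of the quoted policy, wrong parent call included.
POLICY = '''
class StrongHttpsProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)

class KeybrideStrongHttpsProxy(StrongHttpsProxy):
    def config(self):
        StrongPsslProxy.config(self)
'''

def find_wrong_parent_calls(source):
    """Return (class, called_name, line) for every X.config(...) call inside a
    class's config() method where X is not one of that class's base classes."""
    findings = []
    for cls in ast.walk(ast.parse(source)):
        if not isinstance(cls, ast.ClassDef):
            continue
        # Base classes exactly as written, dotted names included.
        bases = {ast.unparse(b) for b in cls.bases}
        for func in cls.body:
            if not (isinstance(func, ast.FunctionDef) and func.name == "config"):
                continue
            for node in ast.walk(func):
                if not (isinstance(node, ast.Call)
                        and isinstance(node.func, ast.Attribute)
                        and node.func.attr == "config"
                        and isinstance(node.func.value, (ast.Name, ast.Attribute))):
                    continue
                target = ast.unparse(node.func.value)
                # Calls on the instance itself (self.x.config) are not parent calls.
                if target.split(".")[0] == "self":
                    continue
                if target not in bases:
                    findings.append((cls.name, target, node.lineno))
    return findings

if __name__ == "__main__":
    for cls_name, called, line in find_wrong_parent_calls(POLICY):
        print(f"line {line}: {cls_name}.config() calls {called}.config(), "
              f"which is not a base class of {cls_name}")
```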

