[zorp-hu] 3.9 ssl keybridge nem indul
Kosa Attila
zsiga at kosaek.hu
2011. Ápr. 14., Cs, 10:11:11 CEST
On Wed, Apr 13, 2011 at 04:21:02PM +0200, KOVACS Krisztian wrote:
>
> Valtozik a helyzet, ha a forge_addr-ot kikapcsolod erre a service-re? (A
> logbol az latszik, hogy a Zorp nem tudott kapcsolodni. Meg kellene
> nezned egy tcpdump-ot, hogy mi tortenik pontosan.)
Valtozik, igy mar kimegy, es generalodik is tanusitvany.
Viszont a klienshez nem jut el semmi.
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.session(5): (svc/intra_Keybridge_HTTPS_inter): Starting service; name='intra_Keybridge_HTTPS_inter'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.session(3): (svc/intra_Keybridge_HTTPS_inter:0): Starting proxy instance; client_fd='20', client_address='AF_INET(192.168.2.1:1398)', client_zone='Zone(intranet, 192.168.2.0/24)', client_local='AF_INET(195.228.112.250:443)', client_protocol='TCP'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.session(5): (svc/intra_Keybridge_HTTPS_inter:0/http): Proxy starting; class='KeybridgeStrongHttpsProxy', proxy='http'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.session(3): (svc/intra_Keybridge_HTTPS_inter:0/http): Server connection established; server_fd='24', server_address='AF_INET(195.228.112.250:443)', server_zone='Zone(internet, 0.0.0.0/0)', server_local='AF_INET(192.168.100.140:44708)', server_protocol='TCP'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.debug(4): (svc/intra_Keybridge_HTTPS_inter:0/http): Identified peer; side='server', peer='/1.3.6.1.4.1.311.60.2.1.3=HU/businessCategory=V1.0, Clause 5.(b)/serialNumber=CG 01-10-041585/C=HU/postalCode=1051/ST=Budapest/L=Budapest/street=Nador utca 16./O=OTP Bank Nyrt./OU=ITUIG/CN=www.otpbank.hu', issuer='/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA', serial='1CA1232D46C148CACE9D67EA4AA4D58D', version='2'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.debug(4): (svc/intra_Keybridge_HTTPS_inter:0/http): Generating key for the client; trusted='1'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.debug(5): (svc/intra_Keybridge_HTTPS_inter:0/http): Loading cached certificate; file='/var/lib/zorp/keybridge-cache/trusted-1e5e384ebb1630a2e0d7137de2b33fbe.crt'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.debug(5): (svc/intra_Keybridge_HTTPS_inter:0/http): Cached certificate ok, reusing; file='/var/lib/zorp/keybridge-cache/trusted-1e5e384ebb1630a2e0d7137de2b33fbe.crt'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.accounting(4): (svc/intra_Keybridge_HTTPS_inter:0/http/client): accounting info; type='ZStreamSsl', duration='0', sent='0', received='0'
Apr 14 09:49:04 squeeze-zorp39gpl zorp/zorp_https[15299]: core.accounting(4): (svc/intra_Keybridge_HTTPS_inter:0/http/client): accounting info; type='ZStreamLine', duration='0', sent='0', received='0'
Apr 14 09:49:05 squeeze-zorp39gpl zorp/zorp_https[15299]: core.error(1): (svc/intra_Keybridge_HTTPS_inter:0/http/server): Stream read failed; stream='ZStreamFD', reason='Channel read timed out'
Apr 14 09:49:05 squeeze-zorp39gpl zorp/zorp_https[15299]: core.accounting(4): (svc/intra_Keybridge_HTTPS_inter:0/http/server): accounting info; type='ZStreamSsl', duration='1', sent='0', received='0'
Apr 14 09:49:05 squeeze-zorp39gpl zorp/zorp_https[15299]: core.session(5): (svc/intra_Keybridge_HTTPS_inter:0/http): Proxy ending; class='KeybridgeStrongHttpsProxy', module='http'
Apr 14 09:49:05 squeeze-zorp39gpl zorp/zorp_https[15299]: core.accounting(4): (svc/intra_Keybridge_HTTPS_inter:0/http/server): accounting info; type='ZStreamFD', duration='1', sent='438', received='4631'
Apr 14 09:49:05 squeeze-zorp39gpl zorp/zorp_https[15299]: core.session(4): (svc/intra_Keybridge_HTTPS_inter:0): Ending proxy instance;
Sima http oldal bejon, tehat a halozat mukodik. Azonban az
latszik, hogy a bongeszo mar dobja, hogy nem elerheto az oldal,
es a logban csak ezutan jelennek meg a zorp uzenetei. Ugyanakkor
a tcpdump-ban az latszik, hogy jonnek-mennek a csomagok a kliens
es a tuzfal kozott. Ennel jobban meg nem melyultem el a tcpdump
elemzeseben eddig.
--
Udvozlettel
Zsiga
További információk a(z) zorp-hu levelezőlistáról