[zorp] missing constants and methods in pssl.py

David Yerger dyerger at stcservices.com
Wed Feb 20 00:56:16 CET 2008

Thanks for your help, I think we are getting there!  Choking on proxy
stacking though, see below:

Bazsi wrote:
> You probably don't need server side keys as you disabled encryption.
> You
> want the same on the client side, e.g. you'd need
> however the 'keypair' attributes were only added because of the GUI of
> the professional version, you need these:
>           client_key_file             -- [STRING:"":RW:R] Client side
> authentication
>                                          private key corresponding to
> 'client_cert_file'.
>           client_cert_file            -- [STRING:"":RW:R] Filename of
> the client side
>                                          authentication certificate in
> PEM format.
>                                          This must be a server
> certificate, since
>                                          for clients the proxy behaves
> as it were
>                                          an SSL server.

OK, did that, also stripped the PEM passphrase from my private key so
Zorp could read it--  

Then was seeing

Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl):
Client side SSL handshake successful;
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl):
Stacking subproxy; client='19:20', server='21:22'
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): Traceback (most
recent call last):
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr):   File
"/usr/share/zorp/pylib/Zorp/Proxy.py", line 425, in stackProxy
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr):
proxyLog(self, CORE_DEBUG, 7, "Stacking child proxy; client_fd='%d',
server_fd='%d', class='%s'", (client_stream.fd, server_stream.fd,
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): AttributeError:
'tuple' object has no attribute '__name__'

Looked again at the example in
looks like for Zorp GPL the correct form is 

self.stack_proxy= OWAHttpProxy

instead of

self.stack_proxy=(Z_STACK_PROXY, OWAHttpProxy)

I now have in my policy.py:

def Zhttps():
        Service("INhttps", INhttps,
                router=DirectedRouter(SockAddrInet("", 80)))
        Listener(SockAddrInet("aaa.bbb.ccc.ddd", 50443), "INhttps")

class StrongPsslProxy(PsslProxy):
        def config(self):
                #docs say PSSL_VERIFY_NONE
                #this will change but for now agree with present code
                self.client_verify_type = SSL_VERIFY_NONE
                #self.server_ca_directory = "/etc/ssl/certs/"

class OWAHttpProxy(HttpProxy):
        def config(self):

class INhttps(StrongPsslProxy):
        def config(self):
                self.client_key_file = "/etc/ssl/private/owa.key"
                self.client_cert_file = "/etc/ssl/certs/owa.crt"

which seems to work.

Thanks again

David Yerger


More information about the zorp mailing list