[zorp] missing constants and methods in pssl.py
David Yerger
dyerger at stcservices.com
Wed Feb 20 00:56:16 CET 2008
Thanks for your help, I think we are getting there! Choking on proxy
stacking though, see below:
Bazsi wrote:
>
> You probably don't need server side keys as you disabled encryption. You
> want the same on the client side, e.g. you'd need client_keypair_files,
> however the 'keypair' attributes were only added because of the GUI of
> the professional version, you need these:
>
> client_key_file  -- [STRING:"":RW:R] Client side authentication
>                     private key corresponding to 'client_cert_file'.
> client_cert_file -- [STRING:"":RW:R] Filename of the client side
>                     authentication certificate in PEM format.
>                     This must be a server certificate, since
>                     for clients the proxy behaves as it were
>                     an SSL server.
>
OK, did that, also stripped the PEM passphrase from my private key so
Zorp could read it--
Then was seeing
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl): Client side SSL handshake successful;
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl): Stacking subproxy; client='19:20', server='21:22'
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): Traceback (most recent call last):
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): File "/usr/share/zorp/pylib/Zorp/Proxy.py", line 425, in stackProxy
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): proxyLog(self, CORE_DEBUG, 7, "Stacking child proxy; client_fd='%d', server_fd='%d', class='%s'", (client_stream.fd, server_stream.fd, proxy_class.__name__))
Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): AttributeError: 'tuple' object has no attribute '__name__'
Looked again at the example in
http://www.balabit.com/network-security/zorp-gateway/gpl/tutorial/,
looks like for Zorp GPL the correct form is

    self.stack_proxy= OWAHttpProxy

instead of

    self.stack_proxy=(Z_STACK_PROXY, OWAHttpProxy)
I now have in my policy.py:

def Zhttps():
    Service("INhttps", INhttps,
            router=DirectedRouter(SockAddrInet("10.0.0.9", 80)))
    Listener(SockAddrInet("aaa.bbb.ccc.ddd", 50443), "INhttps")

class StrongPsslProxy(PsslProxy):
    def config(self):
        PsslProxy.config(self)
        #docs say PSSL_VERIFY_NONE
        #this will change but for now agree with present code
        self.client_verify_type = SSL_VERIFY_NONE
        #self.server_ca_directory = "/etc/ssl/certs/"

class OWAHttpProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.request_header["Front-End-Https"]=(HTTP_HDR_INSERT, "on")

class INhttps(StrongPsslProxy):
    def config(self):
        StrongPsslProxy.config(self)
        self.server_need_ssl=FALSE
        self.client_key_file = "/etc/ssl/private/owa.key"
        self.client_cert_file = "/etc/ssl/certs/owa.crt"
        self.stack_proxy=OWAHttpProxy

which seems to work.
Thanks again
David Yerger
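
Added example, not part of the original post and not Zorp code: with the passphrase stripped from the key as described above, file permissions are the only thing protecting it on disk. A small Python check of a PEM key file; the function name `audit_key_file` and the sample key text are assumptions constructed here.

```python
import os
import stat
import tempfile


def audit_key_file(path):
    """Return a list of findings for a PEM private key read unattended by a proxy."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]

    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # An unencrypted key must not be accessible to group or other.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o lets group/other access the key; use 0600" % mode)

    with open(path, "r", errors="replace") as fh:
        text = fh.read()

    if "PRIVATE KEY-----" not in text:
        findings.append("no PEM private key block found")
    elif ("BEGIN ENCRYPTED PRIVATE KEY" in text          # PKCS#8 encrypted
          or "Proc-Type: 4,ENCRYPTED" in text):          # traditional OpenSSL PEM
        findings.append("key is passphrase-protected")
    return findings


if __name__ == "__main__":
    # Constructed sample: a placeholder body, not a real key.
    sample = ("-----BEGIN RSA PRIVATE KEY-----\n"
              "Q09OU1RSVUNURUQ=\n"
              "-----END RSA PRIVATE KEY-----\n")
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "owa.key")
        with open(key, "w") as fh:
            fh.write(sample)
        for m in (0o644, 0o600):
            os.chmod(key, m)
            print("%04o -> %s" % (m, audit_key_file(key) or "ok"))
```
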