[zorp] missing constants and methods in pssl.py

Balazs Scheidler bazsi at balabit.hu
Wed Feb 20 10:49:44 CET 2008 

On Tue, 2008-02-19 at 18:56 -0500, David Yerger wrote:
> Thanks for your help, I think we are getting there!  Choking on proxy
> stacking though, see below:
> 
> Bazsi wrote:
> > 
> > You probably don't need server side keys as you disabled encryption.
> > You
> > want the same on the client side, e.g. you'd need
> client_keypair_files,
> > however the 'keypair' attributes were only added because of the GUI of
> > the professional version, you need these:
> > 
> >           client_key_file             -- [STRING:"":RW:R] Client side
> > authentication
> >                                          private key corresponding to
> > 'client_cert_file'.
> >           client_cert_file            -- [STRING:"":RW:R] Filename of
> > the client side
> >                                          authentication certificate in
> > PEM format.
> >                                          This must be a server
> > certificate, since
> >                                          for clients the proxy behaves
> > as it were
> >                                          an SSL server.
> > 
> 
> OK, did that, also stripped the PEM passphrase from my private key so
> Zorp could read it--  
> 
> 
> Then was seeing
> 
> Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl):
> Client side SSL handshake successful;
> Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (svc/INhttps:0/pssl):
> Stacking subproxy; client='19:20', server='21:22'
> Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): Traceback (most
> recent call last):
> Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr):   File
> "/usr/share/zorp/pylib/Zorp/Proxy.py", line 425, in stackProxy
> Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr):
> proxyLog(self, CORE_DEBUG, 7, "Stacking child proxy; client_fd='%d',
> server_fd='%d', class='%s'", (client_stream.fd, server_stream.fd,
> proxy_class.__name__))
> Feb 19 18:01:00 localhost zorp/Zhttps[6286]: (stderr): AttributeError:
> 'tuple' object has no attribute '__name__'
> 
> 
> Looked again at the example in
> http://www.balabit.com/network-security/zorp-gateway/gpl/tutorial/,
> looks like for Zorp GPL the correct form is 
> 
> self.stack_proxy= OWAHttpProxy
> 
> instead of
> 
> self.stack_proxy=(Z_STACK_PROXY, OWAHttpProxy)

Hm... this should also work for the GPLd version, let me check... 

You are right, it indeed does not work, as the stacking generalization
that was done in the Pro version was not released as part of the GPLd
version.

I'm checking in a patch that will allow the use of the same format (e.g.
the tuple based format), while retaining the program & remote stacking
features.

Thanks for noticing and reporting this.



-- 
Bazsi

More information about the zorp mailing list