[zorp] Reverse proxy + side stacking broken (config?) for large pages?

David Yerger dyerger at stcservices.com
Tue Nov 29 14:49:24 CET 2011


Using Zorp GPL 3.3, I have a reverse proxy for OWA. I added:

def Zcommunicator():
        Service("INcommunicator", INcommunicator,
                chainer=SideStackChainer(CommunicatorHttpProxy),
                router=DirectedRouter(SockAddrInet("<LAN IP>", 80)))
        Listener(SockAddrInet("<public ip>", 55000), "INcommunicator")


class CommunicatorHttpProxy(HttpProxy):
        def config(self):
                HttpProxy.config(self)
                self.request["GET"] = (HTTP_REQ_POLICY, self.filterURL)
                self.request["POST"] = (HTTP_REQ_POLICY, self.filterURL)

        def filterURL(self, method, url, version):
                if ("http://<public DNS>:5500/cas" in url):
                        self.session.setServer(SockAddrInet("10.0.7.2", 5447))
                elif ("http://<public DNS>:5500/director2" in url):
                        self.session.setServer(SockAddrInet("10.0.7.2", 5449))
                elif ("http://<public DNS>:5500/techops" in url):
                        self.session.setServer(SockAddrInet("10.0.0.6", 80))
                elif ("http://<public DNS>:5500/fubar" in url):
                        self.session.setServer(SockAddrInet("10.0.0.6", 80))
                else: self.session.setServer(SockAddrInet("10.0.7.2", 80))
                return HTTP_REQ_ACCEPT

class INcommunicator(PsslProxy):
        def config(self):
                PsslProxy.config(self)
                self.client_verify_type = SSL_VERIFY_NONE
                self.client_ca_directory = "/etc/ssl/certs"
                self.server_need_ssl=FALSE
                self.client_key_file = "/etc/ssl/private/xxx.key"
                self.client_cert_file = "/etc/ssl/certs/xxx.crt"
                #self.stack_proxy = CommunicatorHttpProxy

The "fubar" URL doesn't point to a real location, and I get the 500 error page back from the web server.

But when I try a (larger) real page, I'm seeing

Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9): Starting proxy instance; client_fd='15', client_address='AF_INET(<public ip>:2220)', client_zone='Zone(inter, 0.0.0.0/0)', client_local='AF_INET(<public ip>:5500)', client_protocol='TCP'
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9/pssl): SSL handshake failed on the client side; error='error:1407609C:SSL routines:lib(20):SSL23_GET_CLIENT_HELLO:func(118):http request:reason(156)' 

Ideas? Should I just reinstall 3.9.2 and copy my config files over? (No apt-get dist-upgrade option that I see.)

Thanks in advance
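
A log-triage sketch for the handshake failure quoted above, added here and not part of the original post or of Zorp itself. It pairs each "SSL handshake failed" line with the client from the matching "Starting proxy instance" line and decodes the OpenSSL error, whose reason 156 ("http request") means the client sent plaintext HTTP to the SSL listener. The sample log is constructed (documentation-range addresses) and the function names are hypothetical.

```python
import re

# Constructed sample in the Zorp log format shown in the post; addresses are placeholders.
SAMPLE_LOG = """\
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9): Starting proxy instance; client_fd='15', client_address='AF_INET(192.0.2.10:2220)', client_local='AF_INET(198.51.100.5:5500)', client_protocol='TCP'
Nov 28 15:42:39 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:9/pssl): SSL handshake failed on the client side; error='error:1407609C:SSL routines:lib(20):SSL23_GET_CLIENT_HELLO:func(118):http request:reason(156)'
Nov 28 15:42:41 localhost zorp/Zcommunicator[4334]: (svc/INcommunicator:10): Starting proxy instance; client_fd='16', client_address='AF_INET(192.0.2.10:2221)', client_local='AF_INET(198.51.100.5:5500)', client_protocol='TCP'
"""

# "(svc/<service>:<n>[/<sub-proxy>]): <message>; key='value', ..."
LINE_RE = re.compile(r"\((?P<session>svc/[^):/]+:\d+)(?:/[^)]*)?\): (?P<msg>[^;]+);\s*(?P<kv>.*)$")
KV_RE = re.compile(r"(\w+)='([^']*)'")
# OpenSSL (pre-3.0) error string: error:<hex>:<lib name>:lib(n):<func>:func(n):<text>:reason(n)
ERR_RE = re.compile(r"error:(?P<code>[0-9A-Fa-f]+):.*?:lib\(\d+\):(?P<func>\w+)"
                    r":func\(\d+\):(?P<text>[^:]+):reason\(\d+\)")

# SSL_R_HTTP_REQUEST: the first bytes received looked like an HTTP verb, not a ClientHello.
NON_TLS_REASONS = {156: "plaintext HTTP request sent to the SSL listener"}

def unpack_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Return one finding per client-side handshake failure, with its client address."""
    clients, findings = {}, []   # clients: session id -> client_address
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        session, fields = m.group("session"), dict(KV_RE.findall(m.group("kv")))
        if m.group("msg").startswith("Starting proxy instance"):
            clients[session] = fields.get("client_address")
        elif "SSL handshake failed" in m.group("msg"):
            err = ERR_RE.search(fields.get("error", ""))
            if not err:
                continue
            _lib, _func, reason = unpack_openssl_error(err.group("code"))
            findings.append({"session": session, "client": clients.get(session),
                             "function": err.group("func"), "reason": reason,
                             "meaning": NON_TLS_REASONS.get(reason, err.group("text"))})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```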

