| Author: | Ng Pheng Siong |
|---|---|
| Id: | ZServerSSL-HOWTO,v 1.1 2003/06/22 17:40:13 ngps Exp |
| Date: | 2003-06-22 |
| Web-Site: | http://chandlerproject.org/Projects/MeTooCrypto |
ZServerSSL adds to Zope's ZServer the following:
With the HTTPS server, ZServerSSL also provides WebDAV-over-HTTPS and XMLRPC-over-HTTPS access to Zope.
These instructions apply to both Un*x and Windows installations of Zope 2.6.1. To avoid cluttering the presentation, Windows pathnames are shown in Un*x fashion.
The ZServerSSL distribution is in $M2/demo/Zope. We shall refer to this directory as $ZSSL.
Below, we refer to your Zope top-level directory as $ZOPE.
Copy $ZSSL/z2s.py into $ZOPE.
Depending on your operating system, modify $ZOPE/start or $ZOPE/start.bat to invoke $ZOPE/z2s.py, instead of $ZOPE/z2.py. The files $ZSSL/starts and $ZSSL/starts.bat serve as examples.
Copy $ZSSL/dh1024.pem into $ZOPE. This file contains Diffie-Hellman parameters for use by the SSL protocol.
Copy $ZSSL/randpool.dat into $ZOPE. This file contains seed material for the OpenSSL PRNG. Alternatively, create $ZOPE/randpool.dat thusly:
$ dd if=/dev/urandom of=randpool.dat bs=1024 count=1
Copy $ZSSL/ca.pem to $ZOPE. This file contains an example Certification Authority (CA) certificate. For information on operating your own CA, see howto.ca.html or one of numerous similar documents available on the web.
Copy $ZSSL/server.pem to $ZOPE. This file contains an RSA key pair and its X.509v3 certificate issued by the above CA. You may also create your own key/certificate bundle.
Copy $ZSSL/ZServer/HTTPS_Server.py to $ZOPE/ZServer.
Copy $ZSSL/ZServer/__init__.py to $ZOPE/ZServer. This overwrites the existing $ZOPE/ZServer/__init__.py. Alternatively, apply the following patch to $ZOPE/ZServer/__init__.py:
--- __init__.py.org Sat Jun 21 23:20:41 2003 +++ __init__.py Tue Jan 7 23:30:53 2003 @@ -84,6 +84,7 @@ import asyncore from medusa import resolver, logger from HTTPServer import zhttp_server, zhttp_handler +from HTTPS_Server import zhttps_server, zhttps_handler from PCGIServer import PCGIServer from FCGIServer import FCGIServer from FTPServer import FTPServer
Copy $ZSSL/ZServer/medusa/https_server.py to $ZOPE/ZServer/medusa.
Stop Zope, if it is running.
Start Zope with ZServerSSL thusly:
./starts -X -f 9021 -w 9080 -W 9081 -y 9443 -Y 9444
This starts the following:
Below, we assume your Zope server is running on localhost.
This testing is done with Mozilla 1.1 on FreeBSD.
This testing is done with Cadaver 0.21.0 on FreeBSD.
$ cadaver https://localhost:9443/
WARNING: Untrusted server certificate presented:
Issued to: M2Crypto, SG
Issued by: M2Crypto, SG
Do you wish to accept the certificate? (y/n) y
dav:/> ls
Listing collection `/': succeeded.
Coll: Channels 0 Jun 19 00:04
Coll: Control_Panel 0 Jun 6 00:13
Coll: Examples 0 Jun 6 00:12
Coll: catalog 0 Jun 12 11:53
Coll: ngps 0 Jun 16 15:34
Coll: portal 0 Jun 21 15:21
Coll: skunk 0 Jun 18 21:18
Coll: temp_folder 0 Jun 22 17:57
Coll: zope 0 Jun 20 15:27
acl_users 0 Dec 30 1998
browser_id_manager 0 Jun 6 00:12
default.css 3037 Jun 21 16:38
error_log 0 Jun 6 00:12
index_html 313 Jun 12 13:36
portal0 0 Jun 21 15:21
session_data_manager 0 Jun 6 00:12
standard_error_message 1365 Jan 21 2001
standard_html_footer 50 Jun 12 12:30
standard_html_header 80 Jan 21 2001
standard_template.pt 282 Jun 6 00:12
zsyncer 0 Jun 17 15:28
dav:/> quit
Connection to `localhost' closed.
$
This testing is done with Mozilla 1.1 on FreeBSD.
This testing is done with M2Crypto 0.11 and Python 2.2.2 on FreeBSD.
>>> from M2Crypto import Rand, SSL, m2urllib
>>> url = m2urllib.FancyURLopener()
>>> url.addheader('Connection', 'close')
>>> u = url.open('https://127.0.0.1:9443/')
send: 'GET / HTTP/1.1\r\nHost: 127.0.0.1:9443\r\nAccept-Encoding: identity\r\nUser-agent: Python-urllib/1.15\r\nConnection: close\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: ZServerSSL/0.11
header: Date: Sun, 22 Jun 2003 13:42:34 GMT
header: Connection: close
header: Content-Type: text/html
header: Etag:
header: Content-Length: 535
>>> while 1:
... data = u.read()
... if not data: break
... print(data)
...
<html><head> <base href="https://127.0.0.1:9443/" /> <title>Zope</title></head><body bgcolor="#FFFFFF"> <h1>NgPS Desktop Portal</h1> So many hacks.<br> So little time.<br> <h2>Link Farm</h2> <ul> <li><a href="http://localhost:8080/portal">Portal</a></li> <li><a href="http://localhost/">Local Apache Home Page</a></li> </ul> <hr><a href="http://www.zope.org/Credits" target="_top"><img src="https://127.0.0.1:9443/p_/ZopeButton" width="115" height="50" border="0" alt="Powered by Zope" /></a></body></html>
>>> u.close() >>>
>>> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>>> zs = Server('https://127.0.0.1:9443/', SSL_Transport())
>>> print(zs.propertyMap())
[{'type': 'string', 'id': 'title', 'mode': 'w'}]
>>>
Well, it works! ;-)