1. ZServerSSL-HOWTO¶
- author
- Pheng Siong Ng <ngps@post1.com> 
- copyright
- © 2000, 2001 by Ng Pheng Siong. 
- date
- 2003-06-22 
Contents
1.1. Introduction¶
ZServerSSL adds to Zope’s ZServer the following:
- HTTPS server 
- WebDAV-source-over-HTTPS server 
With the HTTPS server, ZServerSSL also provides WebDAV-over-HTTPS and XMLRPC-over-HTTPS access to Zope.
These instructions apply to both Un*x and Windows installations of Zope 2.6.1. To avoid cluttering the presentation, Windows pathnames are shown in Un*x fashion.
1.2. Preparation¶
- Download M2Crypto 0.11, contained in the file - m2crypto-0.11.zip.
- Unpack - m2crypto-0.11.zip. This will create a directory- m2crypto-0.11. Henceforth, we refer to this directory as- $M2.
- Install M2Crypto per the instructions in - $M2/INSTALL.
The ZServerSSL distribution is in $M2/demo/Zope. We shall refer to
this directory as $ZSSL.
1.3. Installation¶
Below, we refer to your Zope top-level directory as $ZOPE.
- Copy - $ZSSL/z2s.pyinto- $ZOPE.
- Depending on your operating system, modify - $ZOPE/startor- $ZOPE/start.batto invoke- $ZOPE/z2s.py, instead of- $ZOPE/z2.py. The files- $ZSSL/startsand- $ZSSL/starts.batserve as examples.
- Copy - $ZSSL/dh1024.peminto- $ZOPE. This file contains Diffie-Hellman parameters for use by the SSL protocol.
- Copy - $ZSSL/randpool.datinto- $ZOPE. This file contains seed material for the OpenSSL PRNG. Alternatively, create- $ZOPE/randpool.datthusly:- $ dd if=/dev/urandom of=randpool.dat bs=1024 count=1 
- Copy - $ZSSL/ca.pemto- $ZOPE. This file contains an example Certification Authority (CA) certificate. For information on operating your own CA, see HOWTO: Creating your own CA with OpenSSL or one of numerous similar documents available on the web.
- Copy - $ZSSL/server.pemto- $ZOPE. This file contains an RSA key pair and its X.509v3 certificate issued by the above CA. You may also create your own key/certificate bundle.
- Copy - $ZSSL/ZServer/HTTPS_Server.pyto- $ZOPE/ZServer.
- Copy - $ZSSL/ZServer/__init__.pyto- $ZOPE/ZServer. This overwrites the existing- $ZOPE/ZServer/__init__.py. Alternatively, apply the following patch to- $ZOPE/ZServer/__init__.py:- --- __init__.py.org Sat Jun 21 23:20:41 2003 +++ __init__.py Tue Jan 7 23:30:53 2003 @@ -84,6 +84,7 @@ import asyncore from medusa import resolver, logger from HTTPServer import zhttp_server, zhttp_handler +from HTTPS_Server import zhttps_server, zhttps_handler from PCGIServer import PCGIServer from FCGIServer import FCGIServer from FTPServer import FTPServer 
- Copy - $ZSSL/ZServer/medusa/https_server.pyto- $ZOPE/ZServer/medusa.
- Stop Zope, if it is running. 
- Start Zope with ZServerSSL thusly: - ./starts -X -f 9021 -w 9080 -W 9081 -y 9443 -Y 9444 - This starts the following: - an FTP server on port 9021 
- a HTTP server on port 9080 
- a WebDAV-source server on port 9081 
- a HTTPS server on port 9443 
- a WebDAV-source-over-HTTPS server on port 9444 
 
1.4. Testing¶
Below, we assume your Zope server is running on localhost.
1.5. HTTPS¶
This testing is done with Mozilla 1.1 on FreeBSD.
- With a browser, connect to https://localhost:9443/. Browse around. Check out your browser’s HTTPS informational screens. 
- Connect to https://localhost:9443/manage. Verify that you can access Zope’s management functionality. 
1.6. WebDAV-over-HTTPS¶
This testing is done with Cadaver 0.21.0 on FreeBSD.:
$ cadaver https://localhost:9443/
WARNING: Untrusted server certificate presented:
Issued to: M2Crypto, SG
Issued by: M2Crypto, SG
Do you wish to accept the certificate? (y/n) y
dav:/> ls
Listing collection `/': succeeded.
Coll:   Channels                               0  Jun 19 00:04
Coll:   Control_Panel                          0  Jun  6 00:13
Coll:   Examples                               0  Jun  6 00:12
Coll:   catalog                                0  Jun 12 11:53
Coll:   ngps                                   0  Jun 16 15:34
Coll:   portal                                 0  Jun 21 15:21
Coll:   skunk                                  0  Jun 18 21:18
Coll:   temp_folder                            0  Jun 22 17:57
Coll:   zope                                   0  Jun 20 15:27
        acl_users                              0  Dec 30  1998
        browser_id_manager                     0  Jun  6 00:12
        default.css                         3037  Jun 21 16:38
        error_log                              0  Jun  6 00:12
        index_html                           313  Jun 12 13:36
        portal0                                0  Jun 21 15:21
        session_data_manager                   0  Jun  6 00:12
        standard_error_message              1365  Jan 21  2001
        standard_html_footer                  50  Jun 12 12:30
        standard_html_header                  80  Jan 21  2001
        standard_template.pt                 282  Jun  6 00:12
        zsyncer                                0  Jun 17 15:28
dav:/> quit
Connection to `localhost' closed.
$
1.7. WebDAV-Source-over-HTTPS¶
This testing is done with Mozilla 1.1 on FreeBSD.
- Open the Mozilla Composer window. 
- Click “File”, “Open Web Location”. A dialog box appears. 
- Enter - https://localhost:9444/index_htmlfor the URL.
- Select “Open in new Composer window.” 
- Click “Open”. A new Composer window will open with - index_htmlloaded.
1.8. Python with M2Crypto¶
This testing is done with M2Crypto 0.11 and Python 2.2.2 on FreeBSD.
1.9. HTTPS¶
>>> from M2Crypto import Rand, SSL, m2urllib
>>> url = m2urllib.FancyURLopener()
>>> url.addheader('Connection', 'close')
>>> u = url.open('https://127.0.0.1:9443/')
send: 'GET / HTTP/1.1\r\nHost: 127.0.0.1:9443\r\nAccept-Encoding: identity\r\nUser-agent: Python-urllib/1.15\r\nConnection: close\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: ZServerSSL/0.11
header: Date: Sun, 22 Jun 2003 13:42:34 GMT
header: Connection: close
header: Content-Type: text/html
header: Etag:
header: Content-Length: 535
>>> while 1:
...     data = u.read()
...     if not data: break
...     print(data)
...
<html><head>
<base href="https://127.0.0.1:9443/" />
<title>Zope</title></head><body bgcolor="#FFFFFF">
<h1>NgPS Desktop Portal</h1>
  So many hacks.<br>
  So little time.<br>
<h2>Link Farm</h2>
<ul>
<li><a href="http://localhost:8080/portal">Portal</a></li>
<li><a href="http://localhost/">Local Apache Home Page</a></li>
</ul>
<hr><a href="http://www.zope.org/Credits" target="_top"><img src="https://127.0.0.1:9443/p_/ZopeButton" width="115" height="50" border="0" alt="Powered by Zope" /></a></body></html>
>>> u.close()
>>>
1.10. XMLRPC-over-HTTPS¶
>>> from M2Crypto.m2xmlrpclib import Server, SSL_Transport
>>> zs = Server('https://127.0.0.1:9443/', SSL_Transport())
>>> print(zs.propertyMap())
[{'type': 'string', 'id': 'title', 'mode': 'w'}]
>>>
1.11. Conclusion¶
Well, it works! ;-)