Re: [SQU] OpenSSL

You need to first make the CONNECT HTTP request to the proxy, and then
set up SSL on the already opened filehandle.

SSL only starts after the completetion of the CONNECT HTTP method.

--
Henrik Nordstrom
Squid hacker
Joe Sheehan wrote:
> 
> Sorry to keep bothering you on this issue but I've got a little
> client/server app running through Squid. I'm using CONNECT which is holding
> the connection but how can I make this connection without
> regular reads/write. I try CONNECT with SSL_write and it fails to get
> through squid to the server. It seems squid won't accept a SSL connection.
> 
> Joe
> 
> >From: Henrik Nordstrom <hno@hem.passagen.se>
> >To: Joe Sheehan <triswimjoe@hotmail.com>
> >CC: squid-dev@squid-cache.org
> >Subject: Re: [SQU] OpenSSL
> >Date: Tue, 17 Oct 2000 21:25:02 +0200
> >
> >That is because the GET statement to the origin server should not
> >include http(s)://servername:port
> >
> >So if you have a request for https://www.example.com/path/to/some/file
> >then the request to the server is GET /path/to/some/file
> >
> >The CONNECT method for HTTP proxies establishes a tunnel to the
> >requested server:port. When the CONNECT method finished you are left
> >with a full duplex connection to the requested server, just as if you
> >had connected directly.
> >
> >--
> >Henrik Nordstrom
> >Squid hacker
> >
> >
> >Joe Sheehan wrote:
> > >
> > > Sorry to keep bothering you but that's exactly what I've been trying
> > > to do so I just the
> > >
> > > CONNECT method but trying to bring back the page from the particular
> >site
> > > fails because it does not recognize https within the GET statement.
> > >
> > > >From: Henrik Nordstrom <hno@hem.passagen.se>
> > > >To: Joe Sheehan <triswimjoe@hotmail.com>
> > > >CC: squid-dev@squid-cache.org
> > > >Subject: Re: [SQU] OpenSSL
> > > >Date: Tue, 17 Oct 2000 13:02:55 +0200
> > > >
> > > >Ok. I think I misread your question. It seem you are after how to
> >access
> > > >SSL thru a HTTP proxy rather than HTTP->HTTPS gatewaying?
> > > >
> > > >If so, then you must use the CONNECT method
> > > >
> > > >CONNECT servername:port HTTP/1.0
> > > >[any other headers that apply to the connection request, like
> >User-Agent
> > > >and/or Proxy-Authorization]
> > > >
> > > >
> > > >/Henrik
> > > >
> > > >
> > > >Joe Sheehan wrote:
> > > > >
> > > > > That's what I've read so I tried testing my program by going
> >straight
> > > > > out without squid. Works no problem with OpenSSL but can't make
> > > > > the proper connection through squid. I even tried setting up another
> > > >machine
> > > > > with Apache and I'm able to bring back the home page for that
> > > > > machine using OpenSSL.
> > > > >
> > > > > When I run Netscape using squid both http and https are set for
> >8080.
> > > > > Could this be the problem?
> > > >
> > >
> > >
> >_________________________________________________________________________
> > > Get Your Private, Free E-mail from MSN Hotmail at
> >http://www.hotmail.com.
> > >
> > > Share information about yourself, create your own public profile at
> > > http://profiles.msn.com.
> >
> 
> _________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> 
> Share information about yourself, create your own public profile at
> http://profiles.msn.com.