On 8/05/2012 5:48 p.m., Ahmed Talha Khan wrote:
> Hey All,
>
> I am interested in knowing how I can use squid as an SSL endpoint for
> protocols other than HTTPS. The scenario is that I want to use its SSL
> handling capability and use it for some other protocol which is going
> inside SSL.
First problem: Squid does not provide any SSL handling capability. Squid
just passes data streams to OpenSSL. For non-HTTP protocols the best way
is to find a proxy for that protocol and add OpenSSL or other TLS
library support.
> This requires hooks into the squid code-base. I assume
> that the design being modular, will offer ssl handling layer with
> interfaces connecting it to the main Data Processing engine for HTTP.
Second problem: that "Data Processing engine for HTTP" is the component
called Squid. Everything else is just minor modules hooked onto it.
==> before going anywhere near the code take a very good look at the
protocol you are trying to write into Squid and ensure that it operates
with matching semantic and data flow properties to HTTP.
> I want to tap into that interface and use the ssl layer output, which
> should be plain-traffic. Since SSL output is not protocol specific, I
> would be able to use it for any protocol that I want.
What you are describing is the OpenSSL / libgnutls / libnss library
APIs. Squid interfaces produce and pass around HTTP state objects, with
fixed semantic meanings and data properties.
>
> Can anybody give me hints where to start in the code and what to look
> for? Also is there any other way?
Use an SSL / TLS library.
Amos
Received on Tue May 08 2012 - 08:59:53 MDT
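
One way to follow the advice above, as an added example that is not part of the original thread or of Squid: a protocol-agnostic TLS terminator built on Python's ssl module (which wraps OpenSSL), relaying the decrypted byte stream to a plaintext backend. The function names and the command-line arguments are assumptions made for illustration.

```python
import asyncio
import ssl
import sys

def tls_context(certfile, keyfile):
    """Server-side TLS settings; the library does handshake and record layer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy SSL/TLS versions
    ctx.load_cert_chain(certfile, keyfile)
    return ctx

async def pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the far side."""
    total = 0
    try:
        while data := await reader.read(16384):
            writer.write(data)
            await writer.drain()  # back-pressure: wait if the peer is slow
            total += len(data)
    except OSError:  # connection resets and ssl.SSLError are OSError subclasses
        pass
    finally:
        writer.close()
    return total

async def handle(client_r, client_w, backend):
    """client_r/client_w already carry decrypted bytes; relay them unparsed."""
    try:
        backend_r, backend_w = await asyncio.open_connection(*backend)
    except OSError:
        client_w.close()
        return
    await asyncio.gather(pipe(client_r, backend_w), pipe(backend_r, client_w))

async def start_terminator(listen, backend, ctx):
    """ctx=None gives a plain TCP relay, useful for testing the plumbing."""
    async def on_client(r, w):
        await handle(r, w, backend)
    return await asyncio.start_server(on_client, listen[0], listen[1], ssl=ctx)

if __name__ == "__main__" and len(sys.argv) == 6:
    # Assumed usage: script CERT KEY LISTEN_PORT BACKEND_HOST BACKEND_PORT
    cert, key, lport, bhost, bport = sys.argv[1:]
    async def main():
        ctx = tls_context(cert, key)
        srv = await start_terminator(("0.0.0.0", int(lport)), (bhost, int(bport)), ctx)
        await srv.serve_forever()
    asyncio.run(main())
```

The relay never inspects the payload, so any stream protocol can sit behind it; the backend sees the terminator's address rather than the client's.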