Re: [squid-users] Plans to support proxying of client certificates in

From: Henrik Nordstrom <hno@dont-contact.us>
Date: 18 Dec 2002 13:52:31 +0100

The update is included in the Squid-3 development version of Squid from
the date of announcement of the SSL update.

There are no plans to include this update in Squid-2.5.

If there is a Squid-2.6 release then it may include the SSL update.

Regards
Henrik

On Wed 2002-12-18 at 13:08, Dan Cave wrote:
> Henrik,
>
> Ok, I follow all that. What version of squid includes this update?
>
> Regards
>
> Dan.
>
> > The SSL update to Squid includes support for specifying a client
> > certificate Squid should use when connecting as an SSL client to SSL
> > servers. Mainly useful if you run Squid as a reverse-proxy accepting SSL
> > requests from your clients and want Squid to in turn use SSL to encrypt
> > the traffic it receives from your backend servers and for security needs
> > to have the connection authenticated as coming from your Squid.
> >
> > The SSL client in the Squid SSL update can be activated in a number of
> > ways
> >
> > a) By cache_peer, specifying that the peer is an SSL enabled server.
> >
> > b) By using a redirector that rewrites requests received via HTTP into
> > https:// URLs.
> >
> > c) By receiving https:// URLs in HTTP proxy requests from clients
> > without native support for SSL (such as old versions of lynx etc).
> >
> >
> > You cannot proxy a client's certificate, as for presenting a certificate
> > you need access to the private key the certificate certifies. If you
> > have accepted to be an SSL endpoint then all you can do is to open a new
> > SSL connection with your own set of authentication.
> >
> >
> > For client<->server certificate authentication the connection must be
> > directly between the client and server with no proxies in between. There
> > MAY however be tunnels in between such as those established over HTTP
> > proxies by using the CONNECT method, but in technical terms CONNECT is
> > not proxying but tunneling.
> >
> >
> > Regards
> > Henrik
> >
> > Dan Cave wrote:
> >
> >> Hi All,
> >>
> >> Can anyone tell me if there are plans to support the proxying of client
> >> certificates within squid, whereby a client will connect to a squid proxy
> >> (just configured to act as a proxy, no caching) and based on the rules,
> >> squid will connect to an SSL enabled webserver which requires a client
> >> certificate, at that point passing a client cert to that host from within
> >> squid.
> >>
> >> I have spent some time at great lengths to try and achieve this using Apache
> >> v2 but discovered that it doesn't work.
> >>
> >> I would be interested to hear anyone's thoughts on this subject either using
> >> squid or apache v2.
> >>
> >> Kindest Regards
> >>
> >> Dan.
> >
Received on Wed Dec 18 2002 - 05:52:48 MST
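
Option (a) from the thread, sketched as an added squid.conf example that is not part of the original messages: Squid terminates SSL from clients and opens a separate SSL connection to the backend, authenticating with its own certificate and key. The directive names are those of later Squid 3.x releases and may differ from the 2002 SSL update; all hostnames and file paths are placeholders.

```conf
# Added example, not from the thread. Hostnames and paths are placeholders.

# Client-facing side: Squid is the SSL endpoint for browsers (reverse proxy).
# Any certificate a browser presents here ends at Squid; it is not passed on.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/site.pem key=/etc/squid/site.key

# Backend side: Squid opens a new SSL connection as a client and presents
# its own certificate (sslcert) using its own private key (sslkey).
# sslcafile and ssldomain make Squid verify the backend's certificate too.
cache_peer backend.example.com parent 443 0 no-query originserver name=backend ssl sslcert=/etc/squid/proxy-client.pem sslkey=/etc/squid/proxy-client.key sslcafile=/etc/squid/backend-ca.pem ssldomain=backend.example.com

# Only requests for the published site are accepted and sent to the peer.
acl site dstdomain www.example.com
http_access allow site
http_access deny all
cache_peer_access backend allow site
cache_peer_access backend deny all

# Never bypass the authenticated peer by going direct.
never_direct allow site
```

With this layout the backend authenticates Squid, not the individual end user, so the private key file should be readable only by the Squid process.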
