On Thu, 31 Mar 2005, Henrik Østerlund Gram wrote:
> I realize that, but I also realize that there are a number of
> (commercial) products available that accomplish this. It should be
> possible to simply act as an SSL server yourself and while the
> certificates would be different (the proxy's) seen from the actual
> client and server's perspective, at least it could work.

Yes, and this is not very hard to implement, just that no one has done so
for Squid yet.

Requirements:

1. A fake CA, preferably trusted by the clients.

2. Interception of CONNECT requests, making a fake certificate matching
the requested server name, then switching to accepting the connection as an
https connection (same as https_port is doing).

Squid-3 or Squid-2.5+SSL update is required to start with, as Squid-2.5
cannot initiate SSL connections, only accept them.

All in all it should not be more than a screenful or two of code. A bit more
if you want to get advanced and echo the real server's certificate info in
your fake certificate.

Regards
Henrik
Received on Wed Mar 30 2005 - 18:44:41 MST
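
The two requirements listed in the message above, as an added example that is not part of the original post and is not Squid code: a local CA issues a leaf for the name taken from the CONNECT request, and the client's verification passes only when that CA is in its trust store. The CA name, `www.example.com`, and the helpers `must`, `sign` and `clientAccepts` are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// sign issues a cert for name: nil ca gives the self-signed proxy CA (req. 1), else a leaf (req. 2).
func sign(name string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	if ca == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = tpl, key
	} else {
		tpl.DNSNames, tpl.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der := must(x509.CreateCertificate(rand.Reader, tpl, ca, &key.PublicKey, caKey))
	return must(x509.ParseCertificate(der)), key
}

// clientAccepts models the client's check: name match plus a chain to its roots.
func clientAccepts(leaf *x509.Certificate, host string, roots ...*x509.Certificate) bool {
	pool := x509.NewCertPool() // non-nil, so the system trust store is not consulted
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err == nil
}

func main() { // constructed name, as taken from "CONNECT www.example.com:443 HTTP/1.1"
	ca, caKey := sign("Example Proxy CA", nil, nil)
	leaf, _ := sign("www.example.com", ca, caKey)
	fmt.Println(clientAccepts(leaf, "www.example.com", ca), clientAccepts(leaf, "www.example.com"))
}
```

A client that has not been given the proxy CA rejects the substituted certificate, which is why the client trust store is the control point for this kind of interception.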