Re: [squid-users] SSL gateway user error

From: Henrik Nordstrom <henrik@dont-contact.us>
Date: Thu, 01 Feb 2007 00:13:45 +0100

Sat 2007-01-27 at 12:14 -0500, ab cd wrote:

> I am currently attempting to use squid to become an SSL gateway/man in
> the middle device for the outside world so that we have the ability to
> monitor the traffic before it leaves the network.

This function is not yet implemented. Currently only SSL server support
is implemented allowing Squid to act as a single SSL server (per
ip:port).

To experiment you can try enabling the hidden SSL_CONNECT_INTERCEPT
define:

./configure ...
echo "#define SSL_CONNECT_INTERCEPT 1" >>include/autoconf.h
make clean
make install

This will make Squid intercept any CONNECT requests sent by the clients
and direct them to the first https_port. But be warned that it's highly
experimental code and some important pieces are still missing for this to
be even remotely useful in real life. The biggest part missing is
spoofing of the server certificates to avoid the "certificate name
mismatch" popup on each visited site.

Regards
Henrik

Received on Wed Jan 31 2007 - 16:13:49 MST
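
Why the mismatch warning appears on every site, as an added example that is not part of the original message or of Squid's code: with CONNECT interception every tunnel ends at the one certificate configured on the first https_port, so the client's hostname check passes only for names that certificate carries. The certificate names and CONNECT request lines below are constructed, and the matching is a simplified RFC 6125-style check.

```python
"""Added illustration: one fixed gateway certificate vs. many CONNECT targets."""

# Constructed sample: names in the single certificate the gateway presents.
GATEWAY_CERT_NAMES = ["proxy.example.internal", "*.example.internal"]

# Constructed sample: request lines clients send to the proxy.
CONNECT_REQUESTS = [
    "CONNECT www.example.com:443 HTTP/1.1",
    "CONNECT mail.example.org:443 HTTP/1.0",
    "CONNECT wiki.example.internal:443 HTTP/1.1",
    "CONNECT a.b.example.internal:443 HTTP/1.1",
]


def connect_host(request_line):
    """Return the lower-cased host from a 'CONNECT host:port HTTP/x.y' line."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        raise ValueError("not a CONNECT request line: %r" % request_line)
    host, sep, port = parts[1].rpartition(":")
    if not sep or not port.isdigit() or not host:
        raise ValueError("CONNECT target must be host:port")
    return host.lower().rstrip(".")


def name_matches(pattern, host):
    """Simplified RFC 6125 match: '*' only as the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def mismatch_report(requests, cert_names):
    """Map each requested host to True if the client would see a name mismatch."""
    report = {}
    for line in requests:
        host = connect_host(line)
        report[host] = not any(name_matches(n, host) for n in cert_names)
    return report


if __name__ == "__main__":
    for host, mismatch in mismatch_report(CONNECT_REQUESTS, GATEWAY_CERT_NAMES).items():
        print("%-28s %s" % (host, "name mismatch" if mismatch else "ok"))
```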
