Re: [squid-users] Reverse proxy: http to https and certificate authentication

From: Mailing List SVR <lists_at_svrinformatica.it>
Date: Sun, 01 Feb 2009 10:02:30 +0100

On Sun, 01/02/2009 at 21.56 +1300, Amos Jeffries wrote:
> Mailing List SVR wrote:
> > On Sun, 01/02/2009 at 20.28 +1300, Amos Jeffries wrote:
> >> Mailing List SVR wrote:
> >>> Hi all,
> >>>
> >>> I have a soap client using python ZSI, the other end is oracle soa
> >>> 10.1.3.1.0; all has worked fine for some months. Last week oracle soa
> >>> was configured to accept client certificate authentication over https.
> >>> If I try to use the standard python httplib.HTTPSConnection library it
> >>> fails with the infamous "bad record mac" error, and so does ZSI, which
> >>> uses httplib. Other java tools such as soapui work just fine with oracle
> >>> soa.
> >>>
> >>> Can squid do the hard work for me in the following configuration?
> >>>
> >>> ZSI soap client -> squid proxy over http -> oracle soa https
> >>>
> >>> however, squid could authenticate to oracle soa by loading the cert
> >>> file and the cert key from a local file.
> >>>
> >>> So I would like to send my soap request to squid over http, and squid
> >>> could connect to oracle soa over https presenting its own client
> >>> certificate (not sent from my application but loaded from a local file).
> >>>
> >>> Is this configuration possible?
> >>>
> >>> thanks
> >>> Nicola
> >>>
> >>>
> >> Yes, Squid can certainly act as an HTTP->HTTPS proxy for you.
> >> Just configure a normal cache_peer pointing at oracle using SSL,
> >> http://www.squid-cache.org/Doc/config/cache_peer/
> >> and configure ZSI to connect to the Squid HTTP port without SSL.
> >
> > thanks, but squid needs to present a client certificate to authenticate
> > against oracle, and cache_peer seems to lack a directive to specify a certificate,
> >
>
> Look again:
> ssl
> sslcert=/path/to/ssl/certificate
> sslkey=/path/to/ssl/key
> sslversion=1|2|3|4
> sslcipher=...
> ssloptions=...
>
>

You are right, but I'm not a squid expert, so I need some more directions,
please.

I added this line to squid.conf (a single line; wrapped here by mail):

cache_peer <oraclesoahostname> parent 443 0 no-query no-digest no-netdb-exchange proxy-only default ssl sslcert=/etc/squid/cert/clients1.crt sslkey=/etc/squid/cert/clients1.key sslversion=1

<oraclesoahostname> is in my hosts file.

Now, how does squid redirect the request to <oraclesoahostname>, and how do I
connect to squid? On the standard 3128 port (for example wget
http://<squidip>:squidport/<what here?>), or do I have to use it as an http
proxy (export HTTP_PROXY=...)?

thanks for your patience,

Nicola

> Amos
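Editor's added example, not part of the thread and not Nicola's or Amos's configuration: a minimal squid.conf in accelerator (reverse-proxy) mode that terminates plain HTTP from the SOAP client and opens an HTTPS connection to the origin, authenticating with Squid's own client certificate. The hostname oraclesoa.example.com, the certificate and CA file paths, and the loopback addresses are assumptions; substitute your own. All directives and cache_peer options used here exist in Squid 2.6/2.7 and 3.x.

```conf
# Added example (not from the thread). Hostnames, paths and addresses are
# assumptions. cache_peer must stay on one line in the real file.

# Accelerator mode on the loopback only: the HTTP leg between the SOAP
# client and Squid is plaintext, so do not expose it on the network.
# defaultsite= supplies the Host header that the origin server will see.
http_port 127.0.0.1:3128 accel defaultsite=oraclesoa.example.com

# The origin: HTTPS on 443, Squid authenticates with its own certificate
# and key (the key file should be readable only by the squid user).
# sslcafile= lets Squid verify the origin's server certificate; without a
# CA the origin's identity is not checked.
cache_peer oraclesoa.example.com parent 443 0 no-query no-digest no-netdb-exchange proxy-only originserver ssl sslcert=/etc/squid/cert/clients1.crt sslkey=/etc/squid/cert/clients1.key sslcafile=/etc/squid/cert/oraclesoa-ca.pem name=oraclesoa

# Anyone who can reach port 3128 gets to act as clients1.crt towards the
# origin, so only the SOAP client's own host is allowed in, and only for
# requests addressed to the origin site.
acl soapclient src 127.0.0.1
acl oraclesite dstdomain oraclesoa.example.com
http_access allow soapclient oraclesite
http_access deny all

# Route everything for the site through the TLS peer; never go direct.
cache_peer_access oraclesoa allow oraclesite
cache_peer_access oraclesoa deny all
never_direct allow all
```

With this in place the client does not use Squid as a forward proxy (no HTTP_PROXY): it sends the request to http://127.0.0.1:3128/ followed by the same path it used against the origin, and Squid rewrites the destination to the cache_peer and presents clients1.crt on the TLS handshake. If the origin certificate does not chain to the file given in sslcafile=, Squid marks the peer as failed rather than silently trusting it, which is the behaviour you want for a certificate-authenticated service.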
Received on Sun Feb 01 2009 - 09:02:50 MST

This archive was generated by hypermail 2.2.0 : Sun Feb 01 2009 - 12:00:03 MST