Re: [squid-users] CONNECT method support(for https) using squid3.1.0.6 + tproxy4

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 9 Apr 2009 13:52:38 +1200 (NZST)

> Hi, all
>
> I am now evaluating the squid3.1.0.6 + tproxy4 environment with a
> network like the following.
>
>           (1)                     (2)
>
>            |                       |
> +------+   |     +------------+    |    +---------+
> |WWW   +---+     |            |    +----+ WWW     |
> |Client|.2 |   .1|   squid    |.1  |  .2| Server  |
> +------+   +-----+  + tproxy  +----+    |(tcp/443)|
>            |     | (tcp/8080) |    |    |(tcp/80) |
>            |     +------------+    |    +---------+
>     192.168.0.0/24            10.0.0.0/24
>
> (1) 192.168.0.2 ------> 192.168.0.1:8080
> (2) 192.168.0.2 ------> 10.0.0.2:80
>
> HTTP communication is completely OK!
> But in the HTTPS (using the CONNECT method) case
>
> (1) 192.168.0.2 ------> 192.168.0.1:8080
> (2) 192.168.0.2 ------> 10.0.0.2:443
>                                 ^^^^
> the following error occurred.
>
>> commBind: Cannot bind socket FD 12 to 192.168.0.2: (99) Cannot
>> assign requested address
>
> I think that tunnelStart()#tunnel.cc doesn't support "COMM_TRANSPARENT"
>
>> tunnelStart(ClientHttpRequest * http, int64_t * size_ptr, int* status_ptr)
>> {
>>     ... snip ...
>>     sock = comm_openex(SOCK_STREAM,
>>                        IPPROTO_TCP,
>>                        temp,
>>                        COMM_NONBLOCKING, // need COMM_TRANSPARENT
>>                        getOutgoingTOS(request),
>>                        url);
>>     ... snip ...
>
> What do you think?

HTTPS encrypted traffic cannot be intercepted.

Amos
Received on Thu Apr 09 2009 - 00:52:43 MDT
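
The `(99) Cannot assign requested address` error quoted in the question can be reproduced outside Squid. The C program below is an added example, not code from Squid or from either poster; `try_bind` is a hypothetical helper, and it assumes Linux, where `bind()` to an address not configured on the host is refused unless the socket has `IP_TRANSPARENT` set (which requires CAP_NET_ADMIN).

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_TRANSPARENT
#define IP_TRANSPARENT 19 /* Linux value, from <linux/in.h> */
#endif

/* Bind a TCP socket to src_ip (port 0). If transparent is non-zero, request
 * IP_TRANSPARENT first, as a TPROXY-aware proxy does for its outgoing socket.
 * Returns 0 on success, otherwise the errno of the step that failed. */
int try_bind(const char *src_ip, int transparent)
{
    struct sockaddr_in sa;
    int one = 1, err = 0;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;

    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, src_ip, &sa.sin_addr) != 1)
        err = EINVAL;
    else if (transparent &&
             setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &one, sizeof(one)) < 0)
        err = errno;          /* EPERM without CAP_NET_ADMIN */
    else if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0)
        err = errno;          /* EADDRNOTAVAIL (99) for a non-local address */
    close(fd);
    return err;
}

int main(void)
{
    /* 192.168.0.2 is the client address from the question; it is not
     * configured on the proxy host, so a plain bind() is refused. */
    int plain = try_bind("192.168.0.2", 0);
    int tproxy = try_bind("192.168.0.2", 1);
    printf("plain bind:       %d (%s)\n", plain, strerror(plain));
    printf("transparent bind: %d (%s)\n", tproxy, strerror(tproxy));
    return 0;
}
```

Run it once as an unprivileged user and once as root on the proxy host to compare the two results.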
