Re: [squid-users] SOAP client with no SSL client-certificate features from Amos Jeffries on 2010-04-20 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 20 Apr 2010 23:07:01 +0000

On Tue, 20 Apr 2010 23:25:59 +0200, "D.Veenker" <dv_at_veenker.tk> wrote:
> I am running into the following problem and I think Squid might be just
> the solution I am looking for. But I'm not sure about it.
>
> We are developing an application consuming a SOAP-webservice. The
> platform we are developing on (4D) does not support SSL with client
> certificates. It does support the regular HTTPS features though.
>
> So I was wondering if Squid could help me out, and proxy a regular
> plain-http (or https) request from this newly made application to the
> webservice implementing the SSL connection with client certificates.
>
> Let's say the url of the webservice is:
> https://webservice.domain.com/methods
> From this developed 4D-application I'd like to connect to
> http://webservice.domain.com/methods and let Squid do all the SSL
> features using client certificate authorization.
>
> Situation:
> Application not capable of SSL with client certificates -->> plain
> HTTP-request -->> Squid (+ client certificate provided by webservice
> company) -->> HTTPS request with client certificate -->> SSL Webservice
>
> And of course vice-versa, but I assume you already guessed that. The
> certificates are formatted as .der documents, but I guess I can overcome

> the problem when squid does only support a particular format by
> converting the certificate.
>
> ** Is this type of proxying possible using Squid?

Yes.

> ** How do I configure such a situation in Squid?

Simply make sure the HTTP requests sent through Squid contain full
absolute URLs starting with https://.

There are some other details such as the difference between Proxy-*
headers and their regular client->server "normal" versions.

> ** What elements need to be compiled with Squid to get these features
> implemented?

Nothing special. The defaults are fine.

>
> To be honest I'm an total rookie to Squid so I might need some specific
> help, on the other hand not to lazy to get through some docs when you me

> point me in the right direction. And last but not least, I have a strong

> wish to run Squid on a debian server.

http://wiki.squid-cache.org/ has almost everything you need for playing
with Squid.

PS: Just a mention. Check your SOAP underlayer. A lot of SOAP systems uses
POST requests which are not cacheable when they should be using GET
requests which are. Tools that use REST HTTP seems to be better IME when
going through any proxies.

Amos
Received on Tue Apr 20 2010 - 23:07:04 MDT

This archive was generated by hypermail 2.2.0 : Wed Apr 21 2010 - 12:00:05 MDT