[squid-users] Feasibility - Squid as user-specific SSL tunnel (poor-man's VPN)

From: Bucci, David G <david.g.bucci_at_lmco.com>
Date: Tue, 03 Aug 2010 05:08:13 -0400

Hi, all - about to play with an approach to something, and I was hoping to bounce the idea off people here - pls let me know if that's not strictly within bounds/intents of the mailing list (new here). This is close to the same concept as discussed here with a D.Veenker, in an exchange in April/2010 -- but not quite the same.

Is it possible to use Squid to create an ssh-tunnel effect, including use of a client certificate? This would be to layer in SSL and client authentication, for applications and web servers for which (for reasons I won't go into here) it's not possible to reconfigure/recode to use SSL.

Concept would be to run Squid as a reverse proxy on the server, configured to do 2-way SSL (and doing HTTP to the parent server); then also run Squid on the client in standard proxy mode, likewise configured for 2-way SSL, pointing at a user's certificate via sslproxy_client_key.

Constraints I see are that multiple users couldn't be using the solution on the PC at the same time; and Squid would have to be restarted (or whatever the Windows equivalent of a squid -k reconfigure is, I still have to figure that out) to establish the tunnel.

Does this seem feasible? Are there any potential gotchas that we should make sure we test early on, in attempting to achieve this?

Thanks!

----
David G. Bucci
301.240.4885
david.g.bucci_at_lmco.com
Received on Tue Aug 03 2010 - 09:08:35 MDT
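
A sketch of the two squid.conf files the message describes, added here as an example and not taken from the original post or from the Squid project. It assumes a Squid 3.1-era build with SSL support; hostnames, ports and file paths are constructed placeholders, and the user's certificate is set on the cache_peer line (sslcert=/sslkey=) rather than through sslproxy_client_key.

```conf
# ---------- Server side: reverse proxy in front of the plain-HTTP app ----------
# (assumed host name: app.example.internal; assumed app port: 8080 on loopback)

# Terminate SSL here, request a client certificate, and verify it against
# the CA that issues the user certificates.
https_port 443 accel defaultsite=app.example.internal cert=/etc/squid/ssl/server-cert.pem key=/etc/squid/ssl/server-key.pem clientca=/etc/squid/ssl/user-ca.pem

# Forward decrypted requests to the unmodified application over HTTP.
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=legacy_app

# Serve only the published site, and send it only to the application peer.
acl tunnel_site dstdomain app.example.internal
http_access allow tunnel_site
http_access deny all
cache_peer_access legacy_app allow tunnel_site
cache_peer_access legacy_app deny all
never_direct allow all

# ---------- Client side: forward proxy on the user's PC ----------
# (assumed install path: C:/squid; the browser or app points at 127.0.0.1:3128)

# Listen on loopback only, so other hosts cannot borrow the user's certificate.
http_port 127.0.0.1:3128
acl local_user src 127.0.0.1/32
acl tunnel_site dstdomain app.example.internal

# Reach the reverse proxy over SSL, presenting the user's certificate and key
# and verifying the server certificate against the server's CA.
cache_peer app.example.internal parent 443 0 no-query originserver ssl sslcert=C:/squid/etc/user-cert.pem sslkey=C:/squid/etc/user-key.pem sslcafile=C:/squid/etc/server-ca.pem name=tunnel

# Only the local user may use the proxy, and only for the tunnelled site.
http_access allow local_user tunnel_site
http_access deny all
cache_peer_access tunnel allow tunnel_site
cache_peer_access tunnel deny all

# Never fall back to a direct, unencrypted connection.
never_direct allow all
```

A useful early test is to confirm that an SSL connection to port 443 made without a client certificate is refused, which shows the reverse proxy is enforcing client authentication and not merely offering it.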
