I found some URLs may be useful
http://www.geocities.com/SiliconValley/Bay/9952/tun_ssl.htm
http://www.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0777.html
However, I still cannot found the offical stardard of communicating
with proxy server. Anyone know where can I found it? Thanks.
--
Lam Ah
[EMAIL PROTECTED] - email
(512) 682-6901 ext. 1057 - voicemail/fax
---- [EMAIL PROTECTED] wrote:
> Hi,
>
> > Is it possible to use openssl to connect to a HTTPS web
> >server via a proxy?
> >
> >There are defined macros for setting proxy parameters in
> >bio.h, but none of the BIO types seems to deal with the
> >information.
> >
> >How should connection via a proxy be handled?
> >
> >joe.
>
> I've found a description of the SSL tunneling protocol some years ago
> under
> <http://home.netscape.com/newsref/std/tunneling_ssl.html>. Today I
> got a
> "File not found" error on this URL, maybe it has moved elsewhere.
>
>
> The tunneling protocol works as follows:
>
> client proxy Server
> connect()
> ----------------------->
>
> accept()
> <-----------------------
>
> CONNECT some-server:443
> ----------------------->
> connect()
> ------------------------>
>
> accept()
> <------------------------
> HTTP/1.0 200 Ok
> <-----------------------
>
> SSL_connect()
> -----------------------> ------------------------>
>
> SSL_accept()
> <---------------------- <------------------------
>
> The client opens a socket connection to the proxy and sends a request
> like:
> CONNECT some-server HTTP/1.0
> User-agent: Netscape/...
>
> (terminated by an empty line like every HTTP request).
>
> If the proxy can connect() to the server, it will respond to the client
> with a normal HTTP response:
> HTTP/1.0 200 Ok
>
> Otherwise you'll get an error message from your proxy as for every
> unreachable
> web server.
>
> Then, the client can do a SSL_connect() as normal. The proxy will forward
> all data between the client and the server.
>
>
>
> I've patched apps/s_client.c some time ago (I think it was the version
> from
> SSLeay 0.8.8) to support proxies and it worked for me. With minor modifications
> it should work with newer OpenSSL versions too, but I haven't check
> that
> yet.
>
> I haven't the source of the modified s_client here at moment, but if
> you
> send me a mail, I can send it to you as a first example (well, its
> error
> checking need some more work :-)
>
>
> Niko
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
___________________________________________________________________
To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax,
all in one place - sign up today at http://www.zdnetonebox.com
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
