From: Peter Sylvester <[EMAIL PROTECTED]>
Peter.Sylvester> I wonder whether it would be useful to allow that a
Peter.Sylvester> client can also make its OCSP request through some
Peter.Sylvester> proxy, I guess yes.
Nothing actually stops you from doing such a thing. I've no idea if
that has an impact on security...
Peter.Sylvester> the real question is whether someone has looked in
Peter.Sylvester> the socket bio used in ocsp.c to see how code to
Peter.Sylvester> allow at least some things could be added:
Peter.Sylvester>
Peter.Sylvester> - connection through an 'http' proxy, i.e. sending
Peter.Sylvester> the complete URL to a proxy instead of the host.
Peter.Sylvester>
Peter.Sylvester> - connection through an SSL proxy, i.e. using CONNECT
Peter.Sylvester>
Peter.Sylvester> - One might add proxy authentication methods or else.
Do you mean that this should be added into OpenSSL (libcrypto)? I
wonder why, because after all, OpenSSL isn't meant to implement an
HTTP client, although we currently have HTTP code in the OCSP code. I
think code to implement HTTP access through an HTTP proxy belongs in
another library, like libwww (there's a transport class available with
libwww that makes it use OpenSSL. Last time I looked, it wasn't very
advanced at all, however).
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-709-50 36 10
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, Celo Communications: http://www.celocom.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
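
The first two connection styles listed in this thread differ only in the first bytes sent on the socket. As an added example (not from the thread and not OpenSSL code), the hypothetical helper `ocsp_request_head` builds the head for a direct request, an HTTP-proxy request and a CONNECT tunnel; the responder URL is constructed, and only plain `http://host[:port]/path` URLs are assumed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not an OpenSSL API. */
enum ocsp_route { ROUTE_DIRECT, ROUTE_HTTP_PROXY, ROUTE_CONNECT };
/* Build the HTTP head for an OCSP POST; returns its length or -1. */
int ocsp_request_head(enum ocsp_route route, const char *url, size_t body_len,
                      char *out, size_t outlen)
{
    char hostport[256];
    const char *p, *slash, *path;
    size_t hlen;
    int n;
    /* URL may come from a certificate (AIA): refuse request/header splitting. */
    if (strncmp(url, "http://", 7) != 0 || strpbrk(url, "\r\n \t") != NULL)
        return -1;
    p = url + 7;
    slash = strchr(p, '/');
    hlen = slash ? (size_t)(slash - p) : strlen(p);
    if (hlen == 0 || hlen >= sizeof hostport)
        return -1;
    memcpy(hostport, p, hlen);
    hostport[hlen] = '\0';
    path = slash ? slash : "/";
    if (route == ROUTE_CONNECT) {
        /* Tunnel setup: host:port only; after 2xx, send the ROUTE_DIRECT head. */
        n = snprintf(out, outlen, "CONNECT %s%s HTTP/1.0\r\n\r\n", hostport,
                     strchr(hostport, ':') ? "" : ":80");
    } else {
        /* Direct: path only. HTTP proxy: the complete URL. */
        n = snprintf(out, outlen,
                     "POST %s%s%s HTTP/1.0\r\nHost: %s\r\n"
                     "Content-Type: application/ocsp-request\r\n"
                     "Content-Length: %lu\r\n\r\n",
                     route == ROUTE_HTTP_PROXY ? "http://" : "",
                     route == ROUTE_HTTP_PROXY ? hostport : "", path, hostport,
                     (unsigned long)body_len);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    char buf[512]; /* constructed responder URL and body length */
    if (ocsp_request_head(ROUTE_HTTP_PROXY, "http://ocsp.example.test/status",
                          42, buf, sizeof buf) > 0)
        fputs(buf, stdout);
    return 0;
}
```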