Hi all,

The problem seems very weird to me. Please bear with some deficiency in explaining the problem.

I am writing a small HTTPS proxy (transparent proxy only) for study work.

Client(IE) ---Encrypted traffic---> || ClientSocket <---Plain text---> ServerSocket ---Encrypted traffic---> Https_WebServer

In short, I am doing man in the middle for HTTPS content filtering, and I have chosen OpenSSL for that. I am redirecting port 443 traffic to my TCP listener, which gets all incoming SSL traffic. I am making an outbound connection for this client connection using another socket, and reading the data in between for some kind of content filtering. I have generated my self-signed CA and private key, and I am using them to generate the server certificate to present to the client.

ISSUE: It works fine with some sites like https://encrypted.google.com and https://twitter.com, where I am able to present a newly generated certificate for each site, signed with my CA. (I have added my self-signed CA cert in the client browser.)

But with Facebook, I am facing a problem. The Facebook webpage is making a few sessions to a248.e.akamai.net. tcpdump shows that akamai.net is sending server certificates only, with NO CA certificate in their certificate chain. One of them has the extension (keyUsage: keyEncipherment). When I present my own version of this server certificate (with this keyUsage extension), the browser rejects my certificate, throwing a Bad Certificate error.

I can send code/pseudo code and tcpdump captures/pcaps if anybody wants them. I have been pulling my hair out for days trying to make it work for Facebook.

I have tried X509_new(), directly generating the certificate, and also tried X509_REQ (first making a certificate request and then creating the certificate with X509_new).

Any indication/direction would be appreciated.
- Thanks
Saurabh Pandya
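
A check that can be run on a copied keyUsage value such as the one described in the post above, added here as an example and not part of the original message: it decodes the extension's DER BIT STRING and lists which TLS 1.2 key exchanges an RSA server certificate carrying it may be used with, per RFC 5246 section 7.4.2. The function names and the sample extension bytes are constructed for illustration.

```python
# Added example: decode an X.509 keyUsage extension value and list the TLS 1.2
# key exchanges it permits for an RSA server certificate (RFC 5246, 7.4.2).

KEY_USAGE_BITS = [  # RFC 5280 section 4.2.1.3, bit 0 first
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
    "encipherOnly", "decipherOnly",
]

# Bit an RSA server certificate must carry for each key exchange
# when a keyUsage extension is present (RFC 5246 section 7.4.2).
REQUIRED_BIT = {
    "RSA": "keyEncipherment",
    "DHE_RSA": "digitalSignature",
    "ECDHE_RSA": "digitalSignature",
}


def parse_key_usage(ext_value: bytes) -> set:
    """Decode the DER BIT STRING inside a keyUsage extension into bit names."""
    if len(ext_value) < 3 or ext_value[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = ext_value[1]
    if length & 0x80 or length < 2 or length != len(ext_value) - 2:
        raise ValueError("unexpected BIT STRING length")
    unused, payload = ext_value[2], ext_value[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = set()
    for i, name in enumerate(KEY_USAGE_BITS[:total_bits]):
        if payload[i // 8] & (0x80 >> (i % 8)):
            names.add(name)
    return names


def allowed_key_exchanges(ext_value: bytes) -> list:
    """Key exchanges this keyUsage value permits for an RSA server certificate."""
    usage = parse_key_usage(ext_value)
    return sorted(kx for kx, bit in REQUIRED_BIT.items() if bit in usage)


# Constructed sample values (not taken from any capture):
KE_ONLY = bytes.fromhex("03020520")     # keyEncipherment only
SIG_AND_KE = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, value in (("keyEncipherment only", KE_ONLY), ("both bits", SIG_AND_KE)):
        print(label, "->", allowed_key_exchanges(value))
```

Comparing the result with the cipher suite the proxy negotiates with the client shows whether the certificate's keyUsage and the chosen key exchange agree.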