I saw a very similar feature in ufdbGuard which is a URL filter implemented as a Squid Redirector. They have a feature which probes the destination server for a valid HTTPS cert in parallel to the user's connection and terminates it if it turns out not to be a valid HTTPS cert. Their code is open source, maybe this could be helpful in creating such a helper?
http://www.urlfilterdb.com/home.html On Sat, Jan 3, 2015 at 3:45 AM, Yuri Voinov <yvoi...@gmail.com> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Term "HTTPS" often uses as "Any connect over 443 port".... > > 03.01.2015 13:59, Jason Haar пишет: > > On 01/01/15 00:11, James Harper wrote: > >> The helper connects to the IP:port and tries to obtain the > certificate, and then caches the result (in an sqlite database). If it > can't do so within a fairly short time it returns failure (but keeps > trying a bit longer and caches it for next time). Alternatively if the > IP used to be SSL but is now timing out it returns the previously cached > value. Negative results are cached for an increasing amount of time each > time it fails, on the basis that it probably isn't SSL. > > That sounds great James! I'd certainly like to take a look at it too > > > > However, you say "SSL" - did you mean "HTTPS"? ie discovering a ip:port > > is a IMAPS server doesn't really help squid talk to it - surely you want > > to discover HTTPS servers - and everything else should be > > pass-through/splice? > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBAgAGBQJUp6wSAAoJENNXIZxhPexGb8MH/irRYZBuoGjHZrpcI6kweMGv > YqSjFYUasZ/hlDoN6bbJUKqAfeos0am0OuTy2FxOmA0YVxIEz6sJKj9FzeMJtOSW > NTZk7IJ7mT6aRg+hKfW3JCEl68RcLb0J/eSNvG6QR6HcqHQODiEE489zcq+o+yn0 > Z45P1WwgQLv6PIIeNXnM7nFtA0ce3D54agu/fr7zC3c1Z72A04BMU0W4dFC9M6Ob > T2NQz2CsSp+nIDFZjHTaZuBmw5ZjMtrsoO79FT5GyX1lT+tCR9angtI+TYSSis15 > o+/aw1U+yWScZXhdNUz/gjWLbW8WL/9ygVY43Y2laPII+WdlFhaJozEhr5h1e+A= > =2f0+ > -----END PGP SIGNATURE----- > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
