On Thu, 31 Mar 2005, Henrik Østerlund Gram wrote:
> I realize that, but I also realize that there are a number of (commercial) products available that accomplish this. It should be possible to simply act as an SSL server yourself and while the certificates would be different (the proxy's) seen from the actual client and server's perspective, at least it could work.
Yes, and this is not very hard to implement, just that no one has done so for Squid yet.
Requirements:
1. A fake CA, preferably trusted by the clients.
2. Interception of CONNECT requests, making a fake certificate matching the requested server name, then switching to accept the connection as an https connection (same as https_port is doing).
Squid-3 or Squid-2.5+SSL update is required to start with, as Squid-2.5 cannot initiate SSL connections, only accept them.
All in all it should not be more than a screenful or two of code. A bit more if you want to get advanced and echo the real server's certificate info in your fake certificate.
Regards Henrik