On Sun, 01/02/2009 at 21.56 +1300, Amos Jeffries wrote:
> Mailing List SVR wrote:
> > On Sun, 01/02/2009 at 20.28 +1300, Amos Jeffries wrote:
> >> Mailing List SVR wrote:
> >>> Hi all,
> >>>
> >>> I have a soap client using python ZSI, the other end is oracle soa
> >>> 10.1.3.1.0 all works fine since some months. The last week oracle soa
> >>> was configured to accept client certificate authentication over https.
> >>> If I try to use the standard python httplib.HTTPSConnection library it
> >>> fails with the infamous "bad record mac" error and so also ZSI that use
> >>> httplib. Other java tools such as soapui works just fine with oracle
> >>> soa.
> >>>
> >>> Can squid do the hard work for me in the following configuration?
> >>>
> >>> ZSI soap client -> squid proxy over http -> oracle soa https
> >>>
> >>> however squid could be authenticate to oracle soa loading the cert file
> >>> and the cert key from a local file.
> >>>
> >>> So I would like to send my soap request to squid over http and squid
> >>> could connect to oracle soa over https presenting its own client
> >>> certificate (not send from my application but load from local file).
> >>>
> >>> Is this configuration possible?
> >>>
> >>> thanks
> >>> Nicola
> >>>
> >>>
> >> Yes Squid can certainly act as a HTTP->HTTPS proxy for you.
> >> Just configure a normal cache_peer pointing at oracle to using SSL,
> >> http://www.squid-cache.org/Doc/config/cache_peer/
> >> and configure ZSI to connect to the Squid HTTP port without SSL.
> >
> > thanks but squid need to present a client certificate to authenticate
> > against oracle, cache peer seems lack directive to specify certificate,
> >
>
> Look again:
> ssl
> sslcert=/path/to/ssl/certificate
> sslkey=/path/to/ssl/key
> sslversion=1|2|3|4
> sslcipher=...
> ssloptions=...
>

You are right but I'm not a squid expert so I need some more directions please.

I added this line to squid.conf

cache_peer <oraclesoahostname> parent 443 0 no-query no-digest no-netdb-exchange proxy-only default ssl sslcert=/etc/squid/cert/clients1.crt sslkey=/etc/squid/cert/clients1.key sslversion=1

<oraclesoahostname> is in my hosts file, now how squid redirect the request to <oraclesoahostname> and how I can connect to squid? On standard 3128 port (for example wget http://<squidip>:squidport/<what here?>) or I have to use it as http proxy (export HTTP_PROXY=...)?

thanks for your patience,
Nicola

> Amos
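
Added example, not part of the thread and not from any of its participants: one squid.conf layout for the HTTP -> HTTPS relay discussed above, using accelerator mode with the peer marked as an origin server. The hostname `soa.example.internal`, the CA bundle path, the peer name `soa_tls` and the ACL names are placeholders assumed for illustration; the certificate and key paths are the ones quoted in the message.

```squidconf
# Plain-HTTP listener for the SOAP client. In accel mode the client sends
# ordinary origin-form requests (GET /path), not proxy-style requests.
http_port 3128 accel defaultsite=soa.example.internal

# Upstream over TLS, presenting the client certificate loaded from disk.
# originserver: talk to the peer as a web server, not as another proxy.
# sslcafile: CA bundle used to verify the server certificate (assumed path).
# sslversion is left at its default (automatic negotiation).
cache_peer soa.example.internal parent 443 0 no-query no-digest no-netdb-exchange proxy-only originserver ssl sslcert=/etc/squid/cert/clients1.crt sslkey=/etc/squid/cert/clients1.key sslcafile=/etc/squid/cert/soa-ca.pem name=soa_tls

# Every request Squid relays is authenticated upstream with the client
# certificate, so limit who may reach the listener (here: the local host).
acl soap_client src 127.0.0.1/32
acl soa_site dstdomain soa.example.internal

http_access allow soap_client soa_site
http_access deny all

# Send matching requests only through the TLS peer, never directly.
cache_peer_access soa_tls allow soa_site
cache_peer_access soa_tls deny all
never_direct allow all
```

With this layout the client addresses Squid as if it were the service itself (a URL of the form `http://<squidip>:3128/<service path>`), with no HTTP_PROXY setting. The key file should be readable only by the account Squid runs as.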