Search squid archive

Proxy and cache of SSL with client auth?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This may sound insane, but here goes. I've got a file distribution system that relies on client certificate authentication through SSL (https) to authenticate clients prior to delivery of files. Typical apache with ssl and client cert setup. I have reached a situation, however, where it would be convenient to create a tiered system of caches of said files. My thought was to use squid to do this as follows:

Server stays the same - requires client cert to return a file.

Squid proxy is set up on a box with a valid client cert, setting up sslproxy_* to point to valid client certs. Squid is also configured with https to require client certs for connection to Squid (this last part is less important - the clients in this particular setup are actually on a private network that is not considered at risk). When the client makes a request for a file, squid makes the request using its authorized cert, and then serves the file down-stream.

From my initial reading of the squid configs and documentation I could find, it seemed like this would be possible. I have tried it, and it doesn't seem to be working. I get the (apparently common) SSL 'CONNECT' error:

clientNegotiateSSL: Error negotiating SSL connection on FD 11: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request (1/-1)

Is what I'm trying to do even possible with Squid? I'm using version 2.6.STABLE6 on Centos 5.2. I'd be happy to send my squid configs if that'd help. Any help would be apprecaited ;-)

Justin Binns

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux