> This may sound insane, but here goes. I've got a file distribution
> system that relies on client certificate authentication through SSL
> (https) to authenticate clients prior to delivery of files. Typical
> apache with ssl and client cert setup. I have reached a situation,
> however, where it would be convenient to create a tiered system of
> caches of said files. My thought was to use squid to do this as follows:
>
> Server stays the same - requires client cert to return a file.
>
> Squid proxy is set up on a box with a valid client cert, setting up
> sslproxy_* to point to valid client certs. Squid is also configured
> with https to require client certs for connection to Squid (this last
> part is less important - the clients in this particular setup are
> actually on a private network that is not considered at risk). When the
> client makes a request for a file, squid makes the request using its
> authorized cert, and then serves the file down-stream.
>
> From my initial reading of the squid configs and documentation I could
> find, it seemed like this would be possible. I have tried it, and it
> doesn't seem to be working. I get the (apparently common) SSL 'CONNECT'
> error:
>
>> clientNegotiateSSL: Error negotiating SSL connection on FD 11:
>> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
>> (1/-1)
>
> Is what I'm trying to do even possible with Squid? I'm using version
> 2.6.STABLE6 on CentOS 5.2. I'd be happy to send my squid configs if
> that'd help. Any help would be appreciated ;-)
>
> Justin Binns
>

Are you using squid as a regular forward-proxy? or as a reverse-proxy/CDN for this system?

Amos
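
The log line quoted in this thread, decoded as an added example (not code from the thread or from Squid): the script splits the packed OpenSSL error code into library, function and reason, and includes a simplified first-bytes check showing what kind of input yields the "https proxy request" reason. The bit layout is the one used by OpenSSL releases of that era, and the host name in the sample request is constructed.

```python
import re

# Constructed sample: the log line as quoted in the post, with the mail
# quoting ('>>') and line wrapping left in place.
SAMPLE = """\
>> clientNegotiateSSL: Error negotiating SSL connection on FD 11:
>> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
>> (1/-1)
"""

LOG_RE = re.compile(
    r"clientNegotiateSSL: Error negotiating SSL connection on FD (?P<fd>\d+): "
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):"
    r"(?P<reason>[^(]+?) \((?P<trailer>-?\d+/-?\d+)\)"
)

def unquote(text):
    """Strip leading '>' quote markers and rejoin wrapped lines."""
    lines = (re.sub(r"^[>\s]+", "", ln).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)

def parse_ssl_error(text):
    """Return the fields of a Squid clientNegotiateSSL error, or None."""
    m = LOG_RE.search(unquote(text))
    if not m:
        return None
    event = m.groupdict()
    code = int(event["code"], 16)
    # Old OpenSSL packing: 8-bit library, 12-bit function, 12-bit reason.
    event["lib_id"] = (code >> 24) & 0xFF
    event["func_id"] = (code >> 12) & 0xFFF
    event["reason_id"] = code & 0xFFF
    return event

def classify_first_bytes(data):
    """Simplified form of the first-bytes check behind the reason string."""
    if data[:2] == b"\x16\x03":          # SSLv3/TLS handshake record
        return "tls handshake"
    if data.startswith(b"CONNECT"):      # plaintext proxy tunnel request
        return "https proxy request"
    if data.startswith((b"GET ", b"POST ", b"HEAD ", b"PUT ")):
        return "http request"
    return "unknown"

if __name__ == "__main__":
    print(parse_ssl_error(SAMPLE))
    print(classify_first_bytes(b"CONNECT files.example.test:443 HTTP/1.0\r\n"))
```
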