Search squid archive
Dynamic SSL certificate generation in intercept (transparent) mode.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Dynamic SSL certificate generation in intercept (transparent) mode.
- From: PaweÅ Mojski <pawcio@xxxxxxxxxx>
- Date: Wed, 04 May 2011 12:13:45 +0200
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10
Hi.
I'm using squid ssl interception in transparent proxy mode. But, of
course I have problem with invalid common name in any ssl transaction. I
found this: "...We believe it is technically possible to implement
dynamic certificate generation for transparent connections. Doing so
requires turning Squid transaction handling steps upside down, so that
the secure connection with the server is established /before/ the secure
connection with the client. The implementation will be difficult, but it
will allow Squid to get the server name from the server certificate and
use that to generate a fake server certificate to give to the client.
Quality patches or sponsorships welcomed. ..." on squid wiki. So, maybe
there is a related point on a road-map right now? Or maybe wome
work-around usign 3rd-party application? I have to admit, i would be
very welcome feature for me.
Regards;
--
Pawel Mojski
[Index of Archives]
[Linux Audio Users]
[Samba]
[Big List of Linux Books]
[Linux USB]
[Yosemite News]
