I saw a very similar feature in ufdbGuard which is a URL filter implemented as a Squid Redirector. They have a feature which probes the destination server for a valid HTTPS cert in parallel to the user's connection and terminates it if it turns out not to be a valid HTTPS cert. Their code is open source, maybe this could be helpful in creating such a helper?
http://www.urlfilterdb.com/home.html
On Sat, Jan 3, 2015 at 3:45 AM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:
The term "HTTPS" is often used to mean "any connection over port 443"....
03.01.2015 13:59, Jason Haar wrote:
> On 01/01/15 00:11, James Harper wrote:
>> The helper connects to the IP:port and tries to obtain the
>> certificate, and then caches the result (in an sqlite database). If it
>> can't do so within a fairly short time it returns failure (but keeps
>> trying a bit longer and caches it for next time). Alternatively if the
>> IP used to be SSL but is now timing out it returns the previously cached
>> value. Negative results are cached for an increasing amount of time each
>> time it fails, on the basis that it probably isn't SSL.
> That sounds great James! I'd certainly like to take a look at it too
>
> However, you say "SSL" - did you mean "HTTPS"? i.e. discovering an ip:port
> is an IMAPS server doesn't really help squid talk to it - surely you want
> to discover HTTPS servers - and everything else should be
> pass-through/splice?
>
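A minimal sketch of the caching behaviour James Harper describes in the quoted text (probe, sqlite cache, growing negative-cache window, fall back to the last known certificate), added here as an example and not his or the Squid project's code. The table layout, the `POS_TTL`, `NEG_BASE` and `NEG_MAX` values, and all function names are assumptions.

```python
import socket, sqlite3, ssl, time

POS_TTL = 3600        # assumed: a seen certificate is trusted for an hour
NEG_BASE = 60         # assumed: first failure is cached for 60 s
NEG_MAX = 24 * 3600   # assumed cap on the negative-cache window

def tls_probe(ip, port, timeout=2.0):
    """Return the peer certificate (DER) or None if no TLS handshake completes."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # probing by IP: the question is only
    ctx.verify_mode = ssl.CERT_NONE  # "does this endpoint speak TLS at all?"
    try:
        with socket.create_connection((ip, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw) as tls:
                return tls.getpeercert(binary_form=True)
    except OSError:                  # covers timeouts, resets and ssl.SSLError
        return None

class CertCache:
    def __init__(self, path=":memory:", probe=tls_probe, clock=time.time):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS probe (ip TEXT, port INT,"
                        " cert BLOB, fails INT, retry_at REAL,"
                        " PRIMARY KEY (ip, port))")
        self.probe, self.clock = probe, clock

    def lookup(self, ip, port):
        """Cert bytes if the endpoint is (or recently was) TLS, else None."""
        now = self.clock()
        row = self.db.execute("SELECT cert, fails, retry_at FROM probe"
                              " WHERE ip=? AND port=?", (ip, port)).fetchone()
        cert, fails, retry_at = row or (None, 0, 0.0)
        if row and now < retry_at:
            return cert              # still inside the cache window: no probe
        fresh = self.probe(ip, port)
        if fresh is not None:
            cert, fails, retry_at = fresh, 0, now + POS_TTL
        else:
            fails += 1               # window doubles per consecutive failure
            retry_at = now + min(NEG_BASE * 2 ** (fails - 1), NEG_MAX)
        self.db.execute("INSERT OR REPLACE INTO probe VALUES (?,?,?,?,?)",
                        (ip, port, cert, fails, retry_at))
        self.db.commit()
        return cert                  # on failure: the previously cached cert, if any
```

A `None` result here only says the port did not complete a TLS handshake; it does not distinguish HTTPS from other TLS services such as IMAPS, which is the point Jason Haar raises.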
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users