Hi,

I'm maintaining a small HTTP proxy library that allows you to eavesdrop on HTTP requests. Someone reported a bug which I cannot recreate, so I'm trying my luck here. [Repost from golang-nuts, where I didn't get an answer.]

It seems to work on my machine, but a user still complains:
https://github.com/elazarl/goproxy/issues/15

I could use two forms of help:

1) Test it in your environment and report the results.

    $ mkdir ~/gopath2
    $ GOPATH=~/gopath2 go get github.com/elazarl/goproxy/examples/eavesdropper
    $ # add ~/gopath2/src/github.com/elazarl/goproxy/ca.cert as a root CA to your browser
    $ ~/gopath2/bin/eavesdropper # use HTTP proxy at localhost:8080, browse to a https site, and see if you get warnings

2) Generally speaking, I don't really know too much about cryptography in general, or TLS/SSL in particular. If you do, have a look at the code and explain my mistakes. Most of the logic is here:
https://github.com/elazarl/goproxy/blob/master/signer.go

The way it does that is:

1) goproxy has a built-in CA certificate, hard-coded into a variable. It's generated with http://golang.org/src/pkg/crypto/tls/generate_cert.go
2) Given a CONNECT foo.com:443 proxy request, it would:
3) Generate a certificate for foo.com and sign it with the built-in CA,
4) Submit this certificate with the certificate chain: [new_cert, CA], using the crypto/tls package.
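The signing steps described in the message above, reduced to a self-contained check (an added example, not goproxy's signer.go): it mints a throwaway CA and a leaf for foo.com, then validates the leaf with crypto/x509 the way a TLS client would. The names mint and verifyAs, the test CA, and the timestamp serial are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint issues a leaf for cn signed by ca/caKey, or a self-signed CA when ca is nil (timestamp serial: example only).
func mint(cn string, sans []string, ca *x509.Certificate, caKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		DNSNames: sans, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	if ca == nil { // no issuer given: turn the template into a self-signed CA
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		ca, caKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, &key.PublicKey, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyAs validates leaf for host against a root pool holding only ca, as a TLS client would.
func verifyAs(leaf, ca *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

func main() {
	ca, caKey := mint("example test CA", nil, nil, nil)
	leaf, _ := mint("foo.com", []string{"foo.com"}, ca, caKey)
	fmt.Println("foo.com:", verifyAs(leaf, ca, "foo.com"), "| bar.com:", verifyAs(leaf, ca, "bar.com"))
}
```

Calling mint with nil sans produces a leaf that names the host only in its CommonName; on current Go releases verifyAs rejects it, which makes the check useful for confirming that a generated leaf carries a subjectAltName entry.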