> This is all wrong. It doesn't matter if the proxy machine is a
> trusted OS or not if you are using end to end SSL connections. The
> authentication of the end box via verification of its certificate will
> ensure that there is no man in the middle.
>
> If the proxy is on a Trusted OS, that is great. But it doesn't change
> the security model one bit. The proxy should not be interfering with
> the end to end properties of SSL.
This system's presupposition is following.
The backend www server uses private IP,
that is, this server is located on the Intranet.
So a client cannot connect to it directly.
Therefore a client connects to the proxy server which has global IP.
On the intranet, there are several www servers.
I want to divide a HTTP request to appropriate server accoding to the
request URI which is sent by the client. That is, the URI is pseudo URI.
So the proxy should modify this URI to the appropriate URI.
----
nakamura
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- client certificate Nakamura,TakayukiTKSSC
- RE: client certificate Nakamura,TakayukiTKSSC
- RE: client certificate Jeffrey Altman
- RE: client certificate Nakamura,TakayukiTKSSC
- RE: client certificate Jeffrey Altman
- client certificate Nakamura,TakayukiTKSSC
- client certificate yongw
- Client Certificate Gautier Philippe
- client certificate Zhong Chen
- Re: client certificate Greg Stark
- Re: client certificate Dr S N Henson