On Mon, Jan 20, 2003 at 12:20:43PM +0530, Chandrasekhar R S wrote: > I have already posted the following on the lists under "Proxy'ing client > certs" thread. > Could not see the posting, hence re-posting. > ----------------------------------------------------------------- > My understanding had been the following : > > Client ---- Proxy Server -- Proxy Client ---- > Server > produces a consumes presents a Can > only recv > CA signed the ProxyClient Cert > ProxyClient Cert > Client Cert Client Cert > > "ProxyClient Cert" is not the same as "Client Cert". > > Though the Proxy Server is in receipt of the "Client Cert", it > cannot represent the same in the SSL connection between > "ProxyClient - Server". The requirement is to make the Proxy > faithfully forward the "Client Cert" to the "Server".
It's hard for me to see how this could fit SSL and HTTP protocols, sorry. Someone else might be lucky here "consume certificate" probably means "engage in a protocol to prove the name certified". It's still open question what protocol both do the job and is implemented by popular browsers. Hope you could hit your target with other tools like passord-based proxy access or maybe proxy access controlled by IPSec > Vadim, suggested that "CONNECT method of HTTP can be > used to setup TCP connections first and run SSL next. Proxy > could forward SSL traffic". > > It had been difficult to understand the solution. It seems to me that > we need to set up a TCP connection via the proxy server first and add > SSL to it later. I am not aware of how to do this. There was a document by Ari Luotonen; just found it at (single line!) http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt It describes the method how a proxy could handle HTTPS requests Please note HTTP details might be off-topic for this list hope this helps, Vadim Fedukovich consulting and software development > > Could one help me further. > > Namaste, > R S Chandrasekhar > [EMAIL PROTECTED] > ISD : 091-080-2051166 > Telnet : 847-1166 > Phone : 2052427 > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]