On Wed, 5 Jun 2002, Thomas Lussnig wrote: > And Try if openssl/gnutls handle it on used connection (i think yes, if no > data readable for the moment).
You pass the socket descriptor to OpenSSL. It easy to do that the exact same way, either after only a connect() or after a connect() with some CONNECT stuff. > Second make sure the proxy part do not become broken (don't know if there > is the scenario SSL-PROXY connection and then SSL-HTTP request). Because > this would mean that there become the need of an SSL [ SSL [ HTTP ] ] > stream. And this is definitly much more tricky :-( The CONNECT request is different from other proxy stuff and could possibly be written in a separate function. > >The proxy communication is not available as an RFC but that is the way SSL > >tunneling thru a proxy works. This is wrong. RFC2616 includes all details needed. The information was available before too, in various (now deprecated) documents. > > After the host is resolved and the proxy figures out that it is a secure > > site it just acts as a router between the client and the destination > > server. I need to figure out the starting point of that communication > > (where the SSL handshake starts). > If the PROXY -> SSL is not RFC-Normed there come the next question, how > clients know how to work with it, is it product specific ? It's standard all right. Proxys pass *everything* through after a CONNECT has been requested and a positive reply has been returned back. What you send to the proxy gets sent to the remote server, what you read was sent fromt the remote server. -- Daniel Stenberg - http://daniel.haxx.se - +46-705-44 31 77 ech`echo xiun|tr nu oc|sed 'sx\([sx]\)\([xoi]\)xo un\2\1 is xg'`ol