Hello all.  I have a question regarding the use of client-side certificates
through a transparent SSL proxy (Squid or otherwise).  Is this possible?
I've configured Squid 3.1.0.15 as a transparent SSL proxy and that works.
Browsers complain about name mismatches but that's expected without dynamic
cert generation.  However, when I attempt to visit a URL which requires
authentication via a client certificate, the resulting page from Squid shows
a "Read Error" with the following text:

The system returned:  [No Error]

An error condition occurred while reading data from the network.  Please
retry your request.


I don't see anything in Squid's logfiles nor do I see anything on the
console.  I'm running Squid in the foreground and I'm passing 'd9'
for debugging information.

This is certainly not an ideal configuration but at the moment I can't
change the parameters of the problem.  My task is to determine whether it is
possible to make such a configuration work.  (I do have the luxury of
disregarding the untrusted authority and name mismatch errors on the
client.)


It seems plausible that since Squid is effectively a "man in the middle", it
could acquire the client certificate and relay that to the target to
complete the request.  Whether this is currently feasible in Squid is a
separate matter but at a high level I can't think of an obvious problem with
the basic approach.  Again, I would rather not be in the business of
intercepting SSL in the first place but at the moment I can't change that.


Thanks in advance for any thoughts.


Regards,

Damon
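
A worked illustration of why the "acquire the client certificate and relay it" idea cannot work for TLS client authentication. This is an added example, not code from the post or from Squid: the client does not merely hand over a certificate, it signs a hash of the handshake it is actually in (the CertificateVerify message) with a private key the proxy never sees. An intercepting proxy runs two separate handshakes, one with the browser and one with the origin server, and the signature the browser produces only covers the first. The toy RSA key, the transcript layout and the certificate strings below are all constructed for the demonstration and are deliberately simplified and insecure.

```python
"""Toy model of TLS client-certificate authentication through an
intercepting proxy.  Constructed example: the RSA key is tiny and
unpadded, and the "transcript" is a stand-in for the real TLS handshake
hash.  It only exists to show that the CertificateVerify signature is
bound to one specific handshake."""
import hashlib
import secrets

# Constructed toy RSA key from two Mersenne primes.  Insecure by design;
# it is here purely to make "signing needs the private exponent" concrete.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537                              # public exponent (in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (client only)


def transcript_hash(client_random, server_random, server_cert):
    """Stand-in for the handshake-transcript hash that the client's
    CertificateVerify signature covers.  Truncated to 128 bits so the
    integer stays below the toy modulus N."""
    digest = hashlib.sha256(client_random + server_random + server_cert).digest()
    return int.from_bytes(digest[:16], "big")


def sign(transcript, private_exponent):
    """Textbook RSA signature (no padding) over the transcript hash."""
    return pow(transcript, private_exponent, N)


def verify(transcript, signature):
    """Server-side check using only the public exponent from the cert."""
    return pow(signature, E, N) == transcript


# Constructed certificate stand-ins (just distinguishable byte strings).
REAL_SERVER_CERT = b"constructed: CN=secure.example.test (origin server)"
PROXY_FORGED_CERT = b"constructed: CN=squid-proxy (intercepting proxy)"


def server_side_handshake(server_cert, client_hello_random):
    """Whoever plays the server picks its own random and returns the
    transcript it will expect the client's signature to cover."""
    server_random = secrets.token_bytes(32)
    return transcript_hash(client_hello_random, server_random, server_cert)


def run_direct():
    """Browser talks straight to the origin: one handshake, one transcript."""
    client_random = secrets.token_bytes(32)
    transcript = server_side_handshake(REAL_SERVER_CERT, client_random)
    signature = sign(transcript, D)        # browser holds D
    return verify(transcript, signature)   # True


def run_through_proxy():
    """Browser <-> proxy <-> origin.  The proxy terminates TLS towards the
    browser (inner handshake) and opens its own session to the origin
    (outer handshake).  It can forward the certificate and signature
    bytes, but that signature only covers the inner transcript."""
    client_random = secrets.token_bytes(32)
    inner_transcript = server_side_handshake(PROXY_FORGED_CERT, client_random)
    client_signature = sign(inner_transcript, D)   # only the browser can do this

    # The proxy's own handshake with the origin: its own randoms and the
    # origin's real certificate, hence a different transcript.
    proxy_random = secrets.token_bytes(32)
    outer_transcript = server_side_handshake(REAL_SERVER_CERT, proxy_random)

    # Without D the proxy can only replay the browser's signature, and the
    # origin checks it against the outer transcript.
    return verify(outer_transcript, client_signature)   # False


if __name__ == "__main__":
    print("direct client auth verified:      ", run_direct())
    print("relayed through intercepting proxy:", run_through_proxy())
```

The practical consequence for a deployment like the one described: an SSL-intercepting proxy cannot satisfy a server that demands a client certificate on the client's behalf; the usual mitigation is to exempt those destinations from interception so the browser and server negotiate TLS end to end.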
