the problem is that LWP in 'proxied' secure mode doesn't work like a real browser or
use proxy servers the way they should. instead it uses proxy servers as 'reverse
proxies' and therefore rely on the security certificates of the proxy server instead
of the client ones (SSLeay installed?).
the reason Y2K caused problems was that the proxy's security certificates expired.
Browsers don't have the same problem because in secure mode they ask for stuff using
"CONNECT remotehost:secureport" to the proxy server, not GET or POST and the proxy
acts as a pipe, passing through bytes from the client to the remote host which will
figure out what you want. the proxy only ends up knowing what host you're going to;
certainly there is no reliance on the proxy's encryption routines.
[I think Netscape proxy is one of the few that can do proxying in secure mode in this
"GET/POST" reverse proxy fashion.]
As a quick fix, you could get your proxy maintainer to update the {something - proxy
name?-}cert.db file for the proxy with the latest certificates. (Data is not encrypted
between you and your proxy though).
[
as an aside, the oft-mentioned and never resolved memory leak thread that keeps
popping up. I've noticed that code using LWP doesn't leak when requests go through a
proxy, but leaks when requesting directly.
]
Sean
(all the usual disclaimers)
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, 17 January 2000 11:18 AM
To: [EMAIL PROTECTED]
Subject: LWP, HTTPS, Proxy, and Y2K
Hey all,
I'm using a perl script to access a secure webpage from within a firewall
on an NT box. Everything was working fine until y2k hit, my script began
to error out on Jan 1. The error message indicates that the proxy server
has a problem with the sending sites certificate expiration. I know we
are using a Netscape proxy server ( or at least the error message references
Netscape) and I know there are problems with some version of Netscape and
certificate expiration dates beyond 12/31/99.
The odd thing is that if I access the same secure webpage through the
same proxy server using Netscape on the NT box everything works fine
and I don't get any errors.
I reinstalled perl from scratch using the latest Activestate release(522),
reinstalled Crypt::SSLeay and am using OpenSSL 0.9.4
I sent mail to the proxy maintainer to check on the version there since
the y2k testing for the proxy server did not test https but haven't
heard back yet.
Any suggestions?
Thanks,
Tony
