This is excellent info Sean, it explains my situation nicely.
So I spoke with my proxy server admin and his comment was that
he thinks the old certs are coded into the code on the version of
Netscape proxy that were using and he isn't sure how to go about
updating the certs. Can anyone help me with instructions for this?
Also, is there any effort to rewrite the proxy portion of LWP to
handle the proxy in the proper manner?
Thanks,
Tony
>
> the problem is that LWP in 'proxied' secure mode doesn't work like a real browser or
>use proxy servers the way they should. instead it uses proxy servers as 'reverse
>proxies' and therefore rely on the security certificates of the proxy server instead
>of the client ones (SSLeay installed?).
>
> the reason Y2K caused problems was that the proxy's security certificates expired.
>
> Browsers don't have the same problem because in secure mode they ask for stuff using
>"CONNECT remotehost:secureport" to the proxy server, not GET or POST and the proxy
>acts as a pipe, passing through bytes from the client to the remote host which will
>figure out what you want. the proxy only ends up knowing what host you're going to;
>certainly there is no reliance on the proxy's encryption routines.
>
> [I think Netscape proxy is one of the few that can do proxying in secure mode in
>this "GET/POST" reverse proxy fashion.]
>
> As a quick fix, you could get your proxy maintainer to update the {something - proxy
>name?-}cert.db file for the proxy with the latest certificates. (Data is not
>encrypted between you and your proxy though).
>
> [
> as an aside, the oft-mentioned and never resolved memory leak thread that keeps
>popping up. I've noticed that code using LWP doesn't leak when requests go through a
>proxy, but leaks when requesting directly.
> ]
>
> Sean
> (all the usual disclaimers)
>
>
>
