Ok, the gist of the following is I need a good, solid, hopefully
non-forking (single-process or threaded) SSL capable proxy. By this I mean
I need a daemon that listens to 443, takes connections from browsers, does
the necessary authentication and decryption, then forwards the connection
to 80 on the local machine. Its a simple enough job, but the performance
requirements in this case are quite heavy, so a forking model is not
really appropriate, unless it keeps worker processes around to avoid
fork() costs.
I have so far looked at sslwrap (Worked, but incredibly slowly), sslproxy
(forking process, went nuts within 4 hours and filled the proccess stack)
and stunnel (Failed to talk sslv3 properly, generating errors on certain
packets. Hunted the code, and came to the conclusion that it was actually
buffer-overflowing somewhere obscure, but have no solid proof of that
other than the fact that the error we recieved is never referenced)
Also downloaded evaluation of Celocom SSR (threaded model) which
coredumped on execution, probably due to library issues (Slackware box,
glibc2 libs installed).
So, before I go off the deep end and write my own, has anyone got any idea
where I can find one of these? I'm not having a great deal of luck so
far...
(Note I used the latest versions of each program mentioned)
Richard.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
