I have a quick question about what Eric said here:
http://marc.theaimsgroup.com/?l=openssl-users&m=97752755822038&w=2
>I don't see how this is going to work with SSL. There's no
>indication in the SSL handshake of which host the client is
>trying to connect to (except the IP address, which you say you're
>spoofing).
>
>I'd say your best bet is to put the SSL decryption stage on the
>gateway and then proxy the HTTP to the server.
>
>I.e.
>
>Client <-------HTTPS-------> Gateway <-------HTTP-------> Server
>
>Note that you'll have to use the private key/certificate for
>all the traffic, however.

Couldn't you also use a separate certificate on the Gateway that's signed
by the final destination server? In fact, wouldn't that be the preferred
approach?

Chad
--
There are two types of people in this world; good and bad. The good sleep
better, but the bad seem to enjoy the waking hours much more.
-- Woody Allen