On 06/13/2009 04:35 PM, Mikio Kishi wrote:
> Many people want https support for transparent proxy using tproxy.
> Now, squid is not supported. Certainly, https support may make
> security problem, but I think it's useful as an "optional extra".
>
> As a trial, I implemented the patch for https support,
> (but it's still too ad-hoc...)
>
> What do you think about https support ?
>
> - Environment
> squid-3.1.0.7
Hello Mikio,
It looks like you are working on a useful feature, but can you
explain in more detail what your patch does? Why is the feature called
SslConnect? Is it specific to tproxy environments or can it work with
any transparent Squid? Does it work in combination with SslBump or are
they mutually exclusive?
What kind of magic is going on in tunnelProxyConnectedWriteDummyDone and
tunnelProxyConnectedReadDone? Why do we not care about certain
tunnelStart errors if SslConnect is enabled? Perhaps you can add source
code comments to explain your intent?
Thank you,
Alex.
