Thanks Francois for uploading and updating the file.

Francois also asks me to explain a little what's done in the modification.

It's actually similar to the socks support. Instead of using a socks4
or socks5 proxy, the changes allow a socket to tunnel through HTTP proxy that
supports the CONNECT method. Basic authentication scheme is supported.
I tried to mimic the existing socks support code and add http proxy
support in parallel. Please note that some HTTP proxy server
configurations do not support CONNECT method on none-443 ports.

The changes are for ICS version 5 beta. Many people (Team ICS and the
list members) know ICS and Delphi much better than I do. It would be
great for you to review the changes to make sure I'm doing it right :)

Below are some issues that I can think of. Some are in my modification
some in the existing code for socks proxy support, which will take
more time to improve, and I am not the right person to fix it really.

- socks and SSL support in existing ICS code is not done in the ideal way.
  As it is now, a socket is either an SSL socket or a socks socket. An SSL
  connection should also also be able to go through a proxy server,
  but not with the current code. The SSL support should ideally be on top
  of proxy (socks or http proxy) support.
  
- http proxy support is added in parallel to socks, and http processing
  is done after socks processing in the code. Only one type of proxy
  (socks or http) can be used in one socket. This design of course will
  not support proxy chaining. Ideally, proxy support should be flexible
  enough to chain any number of socks and http proxies that support
  CONNECT method.

- the modification supports Basic authentication scheme only,
  and does not support Digest authentication scheme (quite some work :)

- Once HTTP header is received, I'm reading one byte a time to read
  the rest of the reply, which is not the most efficient way. Since
  it's mostly reading from a buffer in memory, it should not be a big
  deal. This has no impact if HTTP proxy is not in use.


-- 
Best regards,
Jack

Saturday, December 9, 2006, 1:13:30 AM, you wrote:

> Updated today.

> --
> Contribute to the SSL Effort. Visit
> http://www.overbyte.be/eng/ssl.html
> --
> [EMAIL PROTECTED]
> http://www.overbyte.be


> ----- Original Message ----- 
> From: "Francois PIETTE" <[EMAIL PROTECTED]>
> To: <twsocket@elists.org>
> Sent: Friday, December 08, 2006 8:27 PM
> Subject: [twsocket] TWSocket support for HTTP proxy


>> Jack has patched the latest beta (Downloaded about a week ago) to have
>> TWSocket support http proxy tunneling. I've uploaded the file at
>> http://www.overbyte.be/arch/dump/WSocketHttpProxy.zip for everyone review.


-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://www.elists.org/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to