Shankar, Sury wrote: >I'm using wget (with OpenSSL) utility to access some of our websites. The goal is >just to see if the web server responds an OK status and gives the default page >requested. The sites are a mixture of HTTP & HTTPS. Also most of our HTTPS sites are >accessible only thru a proxy (which is running HTTP). All the scenarios work great >except one. When I try to get a page back from a HTTPS site going thru a HTTP proxy, >wget assumes that the connection (conn object in gethttp()/http.c) is HTTP and sends >a HTTP request to the proxy (or conn). The proxy returns a Security Alert page and >waits for the client to start the SSL handshake (I forced the connection Keep-Alive >as it is turned off by default for proxies). But wget returns back to main() after >reading all the headers. > Hi, i'm nearly sure that this szenario is not in wget right know. And to add it to wget could become a little tricky. Before i can think about how to ad it i need some information. 1. The Protocol: CLIENT -> PROXY: - connect - (auhtenticate) PROXY -> CLIENT - OK message CLIENT -> PROX> - SSL(handshake start( . . . Can i find for this an RFC dokumentation ?
>But the browsers seem to have no problems in handling that. So I went thru a sniffer >to see how the browser behaves in comparison to wget. As soon as the browser gets the >OK response from the server the browser starts exchanging information about the >certificates (the packets were in binary and I could make out only some words in >them). And after some exchanges have happened the browser gets the actual page from >the server. > >I'm not sure if I'm missing to take care of something's in wget for this kind of >scenario to work or wget does not support this functionality as yet. I have tried all >kinds of settings on wget but nothing seems to work. Please let me know if there is >an easy way to achieve this or I have to dig into the code and add the functionality >myself. If I have to add this functionality please throw some light as where I should >be concentrating on in the wget code. > I don't know if its right in the cvs tree, but after an request i have rewriten the openssl part of wget that it use know gnutls. Also there is an discussion about moving the "stream" part to an "object" model. That mean to solve your problem the important think is to know how the proxy-ssl protocol work, and witch part of wget is affected. Maybe is not the ssl handling but the proxy part that there only the ssl init have to be done after the proxy handshake, but i never tested how openssl / gnutls work if its used on an "used connection" i think it work if there are no data waiting for sending and nothing to read. And as the last Question can you tell and test server and url for testing it, becose i have not the time to setup an proxy server. >This message is for the named person's use only. *BLABLABLA* > This is an Mailing list and not "named person" Cu Thomas Lu�nig
smime.p7s
Description: S/MIME Cryptographic Signature
