Re: SSL patch for squid to proxy to an other auth SSL proxy

From: Rolf Poser <[email protected]>
Date: Wed, 25 Mar 1998 06:47:01 +0200

> Having a problem to proxy https URLs through our FireWall proxy we
> have found out that this was due to our internal Squids just eating the
> Proxy-Auth headers.

tcpdump/snoop is great isn't it ?

> Then browsing all the digests I had copied (from late 1996), I have
> found only one post from O.Pearson in Sept 97 about that topic and
> quoting a patch you have provided him with for SSL routines.
> But I was unable to read it at first time, so before trying to find
> out some tools to read it I thought it could be useful to ask you (and
> the Squiders) if you have some late status on this patch, or even a new
> one?... And then if you can provide us with it ?

I am not aware of a newer patch, and the one I posted was a bit of a
hack, quite unlike the neatness and aesthetically beautiful design of
the squid code. It would probably need some more work before one
could/should include it in the formal release. In either case, the
code is only 3 lines long, and from what I understand it will work
with the newer releases of squid too (though I haven't tested it
myself).

Here goes : (Please note : You may need to glue the lines back
together again after mutilation from some email readers.)

diff -r squid-1.NOVM.15/src/ssl.c squid-1.NOVM.15-SSLFW/src/ssl.c:

==============snip=================================
470a471,473
> /* temp string variable for authentication info */
> char *s = NULL;
>
473c476,485
< sprintf(sslState->client.buf, "CONNECT %s
HTTP/1.0\r\n\r\n",sslState->url);

---
>
>        /* Code added by RHWP to allow for SSL through firewall. 
>            7 Sept 1997 - Praise God ! */
> 
>       if (s = mime_get_header(sslState->mime_hdr,"Proxy-authorization:")) {
>           sprintf(sslState->client.buf,"CONNECT %s HTTP/1.0 \r\nProxy-authori zation: %s\r\n\r\n",sslState->url,s); 
>       } else { 
>        sprintf(sslState->client.buf, "CONNECT %s HTTP/1.0\r\n\r\n", sslState->url); 
>       } 
>
==================snip================================
> And BTW why is it not included into the patch URL on Squid site? Did
> Duane find something wrong with it?
See comments above...
Regards,
Rolf.
 
All opinions expressed above are my own, and not necessarily those of my employer.
  RHWP - Web Intranet Manager / IT Architect - Sasol Technology Pty Ltd.
         Tel: +27-16-960-3965 Fax: +27-16-960-2642
Received on Tue Mar 24 1998 - 20:51:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:27 MST