November 21st, 2001, 07:07 PM
How should my Proxy handle SSL/https request
I am in the proces of coding a proxy server (in C) and am having difficulty with the SSL aspect.
When receiving an http request, I simply forward the whole message (GET htpp;//host.com \n User-Agent:...\n etc. ) to the appropriate server, and it works fine. But when an SSL(https) request arrives (CONNECT host.com:443 HTTP/1.0 \n User-Agent:...\n etc.), I try to forward this to the server (on port 443) in the same fashion.
This does not work as I am not getting any response back (not even an error). I think I have to manipulate the request message (ex. remove the "CONNECT" and ":443", but I am not sure how to properly format it. After several tries with different formats, I am still lost and frustrated.
Anyone know how to format the SSL message. i.e. What should my proxy forward to the secure server? I simply want to act as a tunnel between client and server (Client <--> Proxy <--> Server.
Maybe it is not even a matter of reformatting, but something else? I don't think I need to exchange keys/certificates as the Proxy, but maybe a different type of connection besides the standard connect() needs to be made? Any help appreciated.
November 21st, 2001, 10:12 PM
Here 's a link to OD's SSL-proxy program. Source code is included, so you should be able to find something in there
November 22nd, 2001, 10:09 AM
Port 443 will be expecting an SSL connection while you will have decrypted the connection at the proxy... Try using OpenSSL and stunnel to re-encrypt the connection and then forward to the secure server.
Hope that helps...