Article delegate-en/2342 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Using upstream proxy with sslway
14 Jul 2003 22:52:02 GMT (Yutaka Sato)


At last, I noticed the cause of your problem.  You are using SSLTUNNEL
which send CONNECT method to upstream proxy to make connection toward HTTPS
server.  At the same time, you are using FSV=sslway toward a HTTP proxy,
which needs CONNECT method to be sent to upstream proxy before relaying.

There were a bug which disabled using proxy authentication by MYAUTH for
SSLTUNNEL, but after when I fixed it (in DeleGate/8.4.0), it has come to
generate duplicated CONNECT when SSLTUNNEL is used together with FSV
toward HTTPS server via HTTP proxy.

So I'll fix it as enclosed patch.
Thank you for your notice.

On 07/02/03(21:12) "Kai Szymaniak" <> wrote
in <_A2319@delegate-en.ML_>
 |Again I say that it worked just fine with DeleGate 7.9.5.
 |I'm using DG with parameters in the Form of: Server=http
 |-vv -P8082 MOUNT= /*https://dhost.x.y/* DGROOT=c:\SSLPROX
 |                              FSV=sslway -cert certificate.pem -pass
 |pass:certificate SSLTUNNEL=x.y.z.q.:port
 |                              HOSTS=dhost.x.y/
 |Has anything changed in the parameters I use from 7.9.5 to 8.5.5?
 |Do you have any opinion why my proxy doesen't identify himself?

On 07/14/03(19:57) you "Marc Erdmann" <> wrote
in <_A2341@delegate-en.ML_>
 |HTTP-Client ---> DELEGATE --(HTTPS-Connect)--> Squid-Proxy with CONNECT
 |enabled ( ----> HTTPs Server requiring user certificates
 |I converted the certificates I tested with my web browser to PEM and
 |started delegated with the following command line:
 |delegated -f -v CACHE=no SERVER=http -P8005 DGROOT="/tmp/delegate"
 |PERMIT="*:*:*" SSLTUNNEL=""  MOUNT="/* https://securedsite/*"
 |FSV="/usr/local/sbin/sslway -cert /etc/delegate/securedsite.pem -pass

  @ @ Yutaka Sato <>
 ( - ) National Institute of Advanced Industrial Science and Technology (AIST)
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan

*** ../../dist/delegate8.5.5/src/filter.c	Fri May 23 11:09:13 2003
--- filter.c	Tue Jul 15 07:13:41 2003
*** 1582,1589 ****
--- 1582,1594 ----
  	/* from_client is on only if CONNECT method is used ... */
  	if( Conn->from_myself && Conn->from_client )
  		return 0;
+ 	/* CONNECTed via SSLTUNNEL */
+ 	if( ConnType == 'h' /* C_SSLTUNNEL */ ){
+ 		return 0;
+ 	}
  	sprintf(connectmsg,"CONNECT %s:%d HTTP/1.0\r\n\r\n",DST_HOST,DST_PORT);

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]