bug-wget

Re: [Bug-wget] [Bug-Wget] Patch Test-proxied-https-auth.px


From: Daniel Stenberg
Subject: Re: [Bug-wget] [Bug-Wget] Patch Test-proxied-https-auth.px
Date: Thu, 30 Oct 2014 14:43:58 +0100 (CET)
User-agent: Alpine 2.00 (DEB 1167 2008-08-23)

On Thu, 30 Oct 2014, Tim Ruehsen wrote:

[*] = at least originally, until the MITM-ing proxies entered the scheme and complicated matters, but I prefer to view that as messed up SSL and not "real" SSL =)

Yes, however, Wget has to be able to work with these (if users request it).

From how I understand things, most HTTPS-MITMing proxies are the intercepting transparent kind that will sit in your company/organization network and as soon as you want to connect to TCP:443 somewhere, the MITMer will accept that connection and fake back a cert for the client and then connect to the remote server and then sit in the middle of that conversation.

The only thing wget needs to support that scenario is the CA cert for the certs the proxy generates on the fly. Or just skip the check and silently accept everything.

A different kind of SSL-proxy setup is when you ask your proxy for a HTTPS:// URL, and similarly allows the proxy to alter/check the traffic all it wants. Still that's a rarer setup since it requires the client to do this non-standard request.

--

 / daniel.haxx.se
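
The trust decision described in the message above, as an added example that is not part of the original mail: a leaf certificate issued by an intercepting proxy's own CA fails verification against any other CA and passes once the client is given the proxy's CA file. It assumes the `openssl` CLI is installed; the CA names, the example.com leaf and the single-file trust stores are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every subject name and file below is made up for this example.
set -eu

# Create a self-signed CA certificate and key: make_ca <dir> <name> <subject CN>
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a leaf for <host> signed by CA <name>, the way an intercepting proxy
# mints a certificate per destination: issue_leaf <dir> <ca name> <host>
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -days 1 -CAcreateserial \
        -CA "$1/$2.pem" -CAkey "$1/$2.key" -out "$1/leaf.pem" 2>/dev/null
}

# Print "trusted" if the leaf chains to the given CA file, else "rejected":
# check_leaf <ca file> <leaf file>
check_leaf() {
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
        echo trusted
    else
        echo rejected
    fi
}

demo() {
    d=$(mktemp -d)
    make_ca "$d" public "Constructed Public CA"   # stands in for the client's usual trust
    make_ca "$d" proxy  "Constructed Proxy CA"    # the CA the proxy signs with
    issue_leaf "$d" proxy example.com
    echo "client without the proxy CA: $(check_leaf "$d/public.pem" "$d/leaf.pem")"
    echo "client given the proxy CA:   $(check_leaf "$d/proxy.pem" "$d/leaf.pem")"
    rm -rf "$d"
}
demo
```

In wget terms, the second case corresponds to pointing `--ca-certificate` at the proxy's CA file. The "skip the check" alternative is `--no-check-certificate`, which turns validation off for every peer, not only for the proxy.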


