Goetz Isenmann wrote:
[...]
I try to create an https connection tunneling through a proxy.
Therefore I have to (1) create an unencrypted tcp connection to the
proxy, (2) tell the proxy to create a tunnel to the server's https
port (CONNECT host.domain:port HTTP/1.0), (3) wait for a positive
response (HTTP/1.0 200 Connection established), and (4) initiate an
SSL handshake over this already established connection.
Looks like the current openssl egg does not support this (step 4).
May I suggest a change?
[...]
Beware: I have never done anything in Scheme, I can only guess what
that values, cut, and wrap business might do.

Hello Goetz,

your patch looks correct so far. The reason why I didn't include a
procedure like that in the egg in the first place is that its existence
suggests the possibility to wrap an SSL transport layer around any given
pair of input and output ports. That is unfortunately not the case,
though. Currently it is only possible to create an SSL wrapper for a
file descriptor.

What do others think about this: Should an ssl-start procedure be
included in the OpenSSL egg and, if yes, should it try to extract a file
descriptor from given ports, should it be given a file descriptor
directly, or should it maybe really create a wrapper around the given
ports and pass that to OpenSSL?
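
The four steps from the quoted message, as an added Python example that is not part of this thread and does not use the OpenSSL egg's API. `open_tunnel` is the file-descriptor variant and `client_hello_over_bio` is the wrapper variant that needs no descriptor; all function names are assumptions made for this illustration.

```python
import socket
import ssl

def connect_request(host, port):
    # Step 2: sent in cleartext to the proxy.
    return f"CONNECT {host}:{port} HTTP/1.0\r\n\r\n".encode("ascii")

def tunnel_established(response):
    # Step 3: require a complete header block and a 2xx status line.
    head, sep, _ = response.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].split(None, 2)
    return (bool(sep) and len(parts) >= 2 and parts[0].startswith(b"HTTP/")
            and len(parts[1]) == 3 and parts[1].isdigit()
            and parts[1].startswith(b"2"))

def open_tunnel(proxy_addr, host, port):
    # File-descriptor variant: the socket used for CONNECT is handed to TLS.
    sock = socket.create_connection(proxy_addr)            # step 1
    sock.sendall(connect_request(host, port))              # step 2
    buf = b""
    while b"\r\n\r\n" not in buf and len(buf) < 65536:     # step 3, bounded
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed before answering CONNECT")
        buf += chunk
    if not tunnel_established(buf):
        sock.close()
        raise ConnectionError("proxy refused the tunnel")
    # Step 4: verify the certificate against the origin host, not the proxy.
    ctx = ssl.create_default_context()
    return ctx.wrap_socket(sock, server_hostname=host)

def client_hello_over_bio(host):
    # Wrapper variant: TLS reads and writes memory buffers, and the caller
    # copies bytes between them and whatever transport it has.
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is queued; the server's reply has not arrived
    return outgoing.read()
```

In both variants the name passed as `server_hostname` is the origin server behind the tunnel, so a proxy that terminates TLS itself fails certificate verification.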