<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div class="">I’m not sure that squid using transparent sslbump will understand how to use a client certificate for mutual authentication.</div><div class="">At least without transparent ssl bump it doesn’t.</div><div class="">Did you try to use trspr-sslbump for client auth? How does squid pick the right client certificate for a certain host?</div><br class=""><div apple-content-edited="true" class="">
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div class="">Best regards,</div><div class="">Ilya Karpov</div><div class=""><a href="mailto:karpoftea@gmail.com" class="">karpoftea@gmail.com</a></div><div class=""><br class=""></div></span>
</div>
<br class=""><div><blockquote type="cite" class=""><div class="">On 20 Feb 2015, at 12:24, Yuri Voinov <<a href="mailto:yvoinov@gmail.com" class="">yvoinov@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" class="">
<div bgcolor="#FFFFFF" text="#000000" class="">
Transparent SSL Bump interception, eh?<br class="">
<br class="">
<div class="moz-cite-prefix">20.02.15 15:14, Ilya Karpov wrote:<br class="">
</div>
<blockquote cite="mid:93616B9A-9EE9-4FE8-8A5B-70F9EC3FA773@gmail.com" type="cite" class="">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" class="">
<div class="">Hi guys,</div>
<div class="">can anyone suggest a solution to make the following
scenario work using squid:</div>
<div class=""><br class="">
</div>
<div class="">step1. </div>
<div class="">Client (actually a server application) calls <a moz-do-not-send="true" href="http://example/" class="">HTTP://example</a>.org
via squid proxy.</div>
<div class=""> |</div>
<div class="">V </div>
<div class="">step2. </div>
<div class="">Proxy (Squid) understands that all calls to <a moz-do-not-send="true" href="http://example.org/" class="">HTTP://example.org</a> should
be changed to <a moz-do-not-send="true" href="https://example.org/" class="">HTTPS://example.org</a>,
trusts the CA that <a moz-do-not-send="true" href="http://example.org/" class="">example.org</a> uses, and knows
the client certificate to use for https client authentication</div>
<div class="">
<div class=""> |</div>
<div class="">V </div>
</div>
<div class="">step3.</div>
<div class="">Origin (some server on the internet) accepts the https
request, authenticates the client, returns the response</div>
<div class=""><br class="">
</div>
<div class="">The main aim is to make the client know nothing about
https complexity (storing certificates/keys, knowing specific
algorithms etc), and make squid manage these things.</div>
<div class=""><br class="">
</div>
<br class="">
<div apple-content-edited="true" class="">
<span class="Apple-style-span" style="border-collapse: separate;
border-spacing: 0px;">
<div class="">Best regards,</div>
<div class="">Ilya Karpov</div>
<div class=""><a moz-do-not-send="true" href="mailto:karpoftea@gmail.com" class="">karpoftea@gmail.com</a></div>
<div class=""><br class="">
</div>
</span><br class="Apple-interchange-newline">
</div>
<pre wrap="" class="">_______________________________________________
squid-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a>
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a>
</pre>
</blockquote>
<br class="">
</div>
</div></blockquote></div><br class=""></body></html>