[web-devel] http-enumerator connecting via a http proxy
Erik de Castro Lopo
mle+hs at mega-nerd.com
Sat May 14 13:55:10 CEST 2011
Michael Snoyman wrote:
> > I've implemented four functions; proxyHttp, proxyHttpLbs,
> > proxyHttpRedirect and proxyHttpLbsRedirect but it occurs
> > to me that if we added a field of type 'Maybe Proxy' to the
> > 'Request m' data type, the fucntionality of the four functions
> > I have hacked up could be merged with the original versions
> > of these.
> >
> > Does that sound like a sane approach?
>
> Yes, I think that sounds good. Just let me know when I should look at the
> code; I'm impressed how quickly you're getting this done!
Ok, I've submitted a github pull request that modifies the
existing http function to proxy HTTP requests. This was a
relatively simple matter of modifying hosts, ports, and
headers.
I'm now looking at doing HTTPS and I'm a little lost on how
to proceed. Basically proxying of HTTPS works as follows:
a) Wants to connect to https://encrypted.google.com/
via HTTP proxy called squid listening on port 3128.
b) Client opens an un-encrypted connection to squid:3128
and sends a request:
CONNECT encrypted.google.com:443 HTTP/1.1
c) Squid proxy connects to encrypted.google.com port 443
and gets back a response of:
HTTP/1.1 200 Connection established
which it sends the client.
d) The squid proxy then blindly transfers bytes from the client
to encrypted.google.com and bytes from encrypted.google.com
to the client.
e) The client does TLS negotiation over the bi-directional pipe
established and maintained by the proxy.
I can send the CONNECT and get back the HTTP 200 OK, but I'm
not sure how to proceed.
Clues?
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/
More information about the web-devel
mailing list