Mailing List SVR wrote:
> Il giorno dom, 01/02/2009 alle 20.28 +1300, Amos Jeffries ha scritto:
>> Mailing List SVR wrote:
>>> Hi all,
>>>
>>> I have a soap client using python ZSI, the other end is oracle soa
>>> 10.1.3.1.0 all works fine since some months. The last week oracle soa
>>> was configured to accept client certificate authentication over https.
>>> If I try to use the standard python httplib.HTTPSConnection library it
>>> fails with the infamous "bad record mac" error and so also ZSI that use
>>> httplib. Other java tools such as soapui works just fine with oracle
>>> soa.
>>>
>>> Can squid do the hard work for me in the following configuration?
>>>
>>> ZSI soap client -> squid proxy over http -> oracle soa https
>>>
>>> however squid could be authenticate to oracle soa loading the cert file
>>> and the cert key from a local file.
>>>
>>> So I would like to send my soap request to squid over http and squid
>>> could connect to oracle soa over https presenting its own client
>>> certificate (not send from my application but load from local file).
>>>
>>> Is this configuration possible?
>>>
>>> thanks
>>> Nicola
>>>
>>>
>> Yes Squid can certainly act as a HTTP->HTTPS proxy for you.
>> Just configure a normal cache_peer pointing at oracle to using SSL,
>> http://www.squid-cache.org/Doc/config/cache_peer/
>> and configure ZSI to connect to the Squid HTTP port without SSL.
>
> thanks but squid need to present a client certificate to authenticate
> against oracle, cache peer seems lack directive to specify certificate,
>
Look again:
ssl
sslcert=/path/to/ssl/certificate
sslkey=/path/to/ssl/key
sslversion=1|2|3|4
sslcipher=...
ssloptions=...
Amos
-- Please be using Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12 Current Beta Squid 3.1.0.4Received on Sun Feb 01 2009 - 08:56:44 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 01 2009 - 12:00:03 MST