September 7, 2002

An amendment to the http/https proxy server in Perl

Further to my previous blog about creating an SSL-enabled Perl proxy - I have discovered that the SSL engine would not initialise correctly if a default certificate and key could not be found. To fix this I have set some variables for this so that their location can be specified. The updated program is available here. The whole concept of being able to inspect the conversational flow of a series of HTTP requests has already paid great dividends. I have been using the proxy to pinpoint a character encoding issue at work where Apache issues a Content-Type header for iso-8859-1, and AxKit issues one for utf-8. Now I just need to figure out how to switch the iso-8859-1 one off :-(. Cheers.

Posted by PiersHarding at 1:25 PM

September 3, 2002

Creating a proxy server in Perl that handles SSL too

DJ got to talking about HTTP proxies, and how they are important. He also mentioned the usefulness of being able to inspect the transaction going backwards and forwards between the client and server (headers, content etc.). We also discussed the possibility of writing one in Perl. After 5 minutes on Google, sure enough, I found one from none other than Randal, from a column he wrote several years ago. This almost exactly suited my purpose, except that, as most websites do, ours has some pages covered by SSL. Herein lay the challenge. I couldn't find an example of a Perl-based proxy server that covers both HTTP and HTTPS, so I took Randal's example and modified it to this. The really interesting thing is finding out how browsers and clients in general can vary so widely in how they implement SSL. lwp-request and Konqueror allow both http and direct https SSL proxying. Mozilla and IE don't (they implement the CONNECT palaver) etc.
The discussion also went around the fact that you can't actually "proxy" SSL and inspect it without breaking the chain, so to speak - where the proxy actually negotiates certificates with the client instead of the client negotiating with the end target.

Posted by PiersHarding at 5:59 AM
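
The client behaviours described in the September 3 post, as an added example that is not the author's proxy code: a Perl routine that classifies the first line a client sends to a forward proxy and records how much of the exchange the proxy can inspect in each case. It assumes "direct https proxying" means the client sends an absolute `https://` URI to the proxy in clear; the function name, mode labels and sample lines are constructed for illustration.

```perl
use strict;
use warnings;

my %DEFAULT_PORT = (http => 80, https => 443);

# Classify the first line a client sends to a forward proxy.
# Returns a hashref, or undef when the line is not a proxy-style request.
sub classify_request_line {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;

    # Tunnel form (Mozilla, IE): "CONNECT host:port HTTP/1.x". The proxy only
    # relays bytes, so it learns the target and nothing else unless it
    # terminates SSL itself with its own certificate.
    if ($line =~ m{\ACONNECT\s+([A-Za-z0-9.-]+):(\d{1,5})\s+HTTP/1\.[01]\z}) {
        my ($host, $port) = (lc($1), $2 + 0);
        return if $port < 1 || $port > 65535;
        return { mode => 'tunnel', host => $host, port => $port,
                 visible => 'host and port only' };
    }

    # Absolute-URI form: "GET http://host[:port]/path HTTP/1.x". With an
    # https:// URI the client talks plain HTTP to the proxy and the proxy
    # makes the SSL connection to the target (assumed meaning of "direct").
    if ($line =~ m{\A([A-Za-z]+)\s+(https?)://([A-Za-z0-9.-]+)(?::(\d{1,5}))?(/\S*)?\s+HTTP/1\.[01]\z}i) {
        my ($method, $scheme, $host, $port, $path) = (uc($1), lc($2), lc($3), $4, $5);
        $port = defined($port) ? $port + 0 : $DEFAULT_PORT{$scheme};
        return if $port < 1 || $port > 65535;
        return { mode => $scheme eq 'https' ? 'proxy-side-ssl' : 'plain',
                 method => $method, host => $host, port => $port,
                 path => defined($path) ? $path : '/',
                 visible => 'full request and response' };
    }
    return;    # origin-form ("GET /path ...") or malformed input
}

# Constructed sample request lines (not captured traffic).
my @samples = (
    "CONNECT www.example.com:443 HTTP/1.0\r\n",
    "GET https://www.example.com/login HTTP/1.0\r\n",
    "GET http://www.example.com:8080/index.html HTTP/1.1\r\n",
    "GET /index.html HTTP/1.1\r\n",
);
for my $line (@samples) {
    (my $shown = $line) =~ s/\r?\n\z//;
    my $r = classify_request_line($line);
    my $verdict = $r ? "$r->{mode} $r->{host}:$r->{port}, proxy sees $r->{visible}"
                     : 'rejected: not a proxy request';
    printf "%-52s => %s\n", $shown, $verdict;
}
```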