Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Is there anyway to force client certificates when using HTTP::Proxy? i.e. that proxy authenticates itself to the upstream with client SSL certificate available on proxy ( that client does not need client certificates, but proxy does it for client). This does NOT work: 
$ENV{HTTPS_DEBUG} = 1;
$ENV{HTTPS_VERSION} = 3;
$ENV{HTTPS_PKCS12_FILE}     = 'cert.p12';
$ENV{HTTPS_PKCS12_PASSWORD} = 'mypass';

use Net::SSLeay;
use LWP::Debug qw/+/;
use HTTP::Proxy;

# Monkeypatch HTTP::Proxy to handle CONNECT as I want to.
# take a look at http://cpansearch.perl.org/src/BOBTFISH/HTTP-Proxy-Se
+lective-0.004/script/selective_proxy
# Paste sub _handle_CONNECT here together with override.

my $proxy = HTTP::Proxy->new( port => 3128 );
$proxy->start;

[download]

Replies are listed 'Best First'.
Re: Forcing SSL client certificates in HTTP::Proxy
by zwon (Abbot) on Mar 15, 2010 at 20:10 UTC

    I see here two possibilities. First, browser requests url https://server/path, in this case it uses CONNECT method and proxy server just retransmitting data between server and browser, it doesn't analyse it in any way, it doesn't use LWP::UserAgent, so it doesn't use certificate. Second, browser requests http://server/path, in this case proxy server sends usual request to web server (not https), so it doesn't use certificate. What you should to do is to replace client request for http://server/path with request to https://server/path. I never used HTTP::Proxy but it seems it supports filters that can be used for this purpose.

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom