HTTP has CONNECT / GET / POST ... methods. If my client program passes through a proxy to access the web, it looks like: my_client --> proxy --> web server.

OpenSSL is a powerful lib to deal with HTTPS (SSL/TLS). I'm trying to use this lib to access the web server through the middle side proxy server. Without the middle side the client program works well.

I just don't know how to deal with the middle side proxy.
According to the Wireshark packages, the steps are the following:
1. It should build a connection with the middle side proxy by using the HTTP CONNECT method. The protocol package contains the web server information.
2. Start the SSL/TLS handshake (client hello / server hello / exchange cipher ...).
3. HTTP request and response with encryption.

The "1." step is easy: just a normal socket connect with the proxy, TCP text with the CONNECT method containing some web server info, and the response "200 OK connect established".
The "2." step failed. I combine the "1." step socket with the SSL context and call SSL_connect to deal with the handshake, and it failed.

What I have tried:

Some code fragments to explain what I'm trying to deal with:
// windows env.
WSAStartup(MAKEWORD(2,2),&wsaData);

//construct socket 
handle = socket(AF_INET, SOCK_STREAM, 0);

// tcp connect with middle side proxy.
connect(handle, (struct sockaddr *) &server,sizeof (struct sockaddr)); //server means the middle side proxy

// send CONNECT with middle side proxy.
/* the connect package like this:
 "CONNECT wx.qq.com:443 HTTP/1.1\n"                                                                                               
 "Host: wx.qq.com:443\n"                                                                                                          
 "Proxy-Connection: keep-alive\n"                                                                                                 
 "User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36\n\n"

 */
Proxy_CONNECT_reqstr(req_str);

// now the openssl part.
SSL_load_error_strings();
 
// Register the available ciphers and digests
SSL_library_init();
OpenSSL_add_all_algorithms();

//New SSL context 
sslContext = SSL_CTX_new(SSLv23_client_method());

//SSL structure
sslHandle = SSL_new(sslContext);

// combine the socket with SSL 
SSL_set_fd(sslHandle , handle );

// SSL connect
SSL_connect(sslHandle); // failed.


Hope someone can give me an example of using OpenSSL to access the web server through the middle side proxy.
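
An added example, not part of the original question: step 1 of the sequence above in C, building the CONNECT request with CRLF line endings and consuming the proxy's complete reply header before the socket is handed to SSL_connect. The function names build_connect and check_connect_reply and the sample reply are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Step 1 request. HTTP/1.1 lines end in CRLF and the header block ends with
 * an empty line. Returns the length, or -1 if buf is too small. */
int build_connect(char *buf, size_t cap, const char *host, int port)
{
    int n = snprintf(buf, cap, "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n",
                     host, port, host, port);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Inspect the bytes received from the proxy so far.
 *   0  : header block incomplete, call recv() again
 *  >0  : tunnel is open; value is the header length. Bytes after it
 *        already belong to the TLS stream.
 *  -1  : malformed status line or non-2xx status (*status holds it) */
int check_connect_reply(const char *buf, size_t len, int *status)
{
    char line[32];
    size_t i, n, end = 0;
    int major, minor;

    *status = 0;
    for (i = 0; i + 4 <= len; i++)          /* buf need not be NUL-terminated */
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) { end = i + 4; break; }
    if (end == 0)
        return 0;
    n = end < sizeof line - 1 ? end : sizeof line - 1;
    memcpy(line, buf, n);                   /* copy the start of the status line */
    line[n] = '\0';
    if (sscanf(line, "HTTP/%d.%d %3d", &major, &minor, status) != 3)
        return -1;
    return (*status >= 200 && *status < 300) ? (int)end : -1;
}

int main(void)
{
    /* Constructed sample: a proxy reply as it might arrive in one recv() */
    const char reply[] = "HTTP/1.1 200 Connection established\r\n\r\n";
    char req[256];
    int status, n = build_connect(req, sizeof req, "wx.qq.com", 443);

    printf("request (%d bytes):\n%s", n, req);
    n = check_connect_reply(reply, sizeof reply - 1, &status);
    printf("status=%d header_len=%d\n", status, n);
    /* Only now: SSL_set_fd(sslHandle, handle); SSL_connect(sslHandle); */
    return n > 0 ? 0 : 1;
}
```

Once check_connect_reply returns a positive value, the same socket goes to SSL_set_fd and SSL_connect. SNI (SSL_set_tlsext_host_name) and certificate hostname verification (SSL_set1_host) should name the web server, not the proxy.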
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)