Closed qpwo closed 1 year ago
I think the simplest C code is what you've already found: https://github.com/sonertari/SSLproxy/tree/master/tests/testproxy/lp. Perhaps a Python or Rust program might look simpler.
Excuse the newbie question, but how does the sslproxy line (in first packet in connection) scheme compare with ICAP? A normal ICAP server wouldn't work out of the box with sslproxy right? (Couldn't find answer in docs)
Yes, I remember considering ICAP when I first started working on SSLproxy back in 2017. For example, E2Guardian did support ICAP in those years too. It may still be a good idea to add support for ICAP in SSLproxy, acting as an ICAP client, but at that time I decided to implement the current SSLproxy solution. I don't remember the exact reasons, but I think some of them were:
I am not an expert on ICAP, so some of the comments I have above may be wrong. But I think above were enough reasons to prefer my simple SSLproxy line (and the associated design/implementation) over ICAP.
Makes a lot of sense, particularly supporting non-HTTP/S protocols
Don't think I'll have time to implement this soon unfortunately. Will reopen if I get a chance.
Is there sample code for a bare-minimum listening program implementation available anywhere? I was trying to use some code from your tests but had trouble and switched to the patched e2guardian from UTMFW. I would prefer some simple C code if possible.
If there's no such code, I'd be happy to write it and open a PR. I think that would make it a bit easier to pick up and use SSLproxy. I would just need a pointer to get started.