Article delegate-en <_A3647@delegate-en.ML_>
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[delegate-en/3647] [Reference:<_A3646@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Questions about SSLway
10 Mar 2007 04:20:29 GMT (Yutaka Sato)
The DeleGate Project


In message <_A3646@delegate-en.ML_> on 03/09/07(18:40:30)
you "Kwis Angelo" <> wrote:
 |I just downloaded Delegate 9.5.1 source and compiled it on Suse Linux 8.
 |I then ran Delegate with the following command:
 |./delegated -v -P8081 SERVER=http FSV=sslway MOUNT="/* https://host/*"
 |The process started properly and after some tests, I can confirm that
 |protocol conversion between HTTP and HTTPS is actually being performed fine
 |I have however some questions:
 |1.) From the SSL-related article "", it
 |says there that to use sslway, one must do a  "make -f Makefile.go sslway"
 |at filters/ directory, and then put the sslway executable in "DGROOT/lib".
 |I didn't actually do this -- I straight out ran Delegate with the command I
 |stated above.  I thought that not having sslway would somehow cause SSL not
 |to work.  But it did work fine.  Can you please calrify?

As written in the top of page, the document is obsoleted and you should read
DeleGate after 9.0.1 does not need sslway as a external command but it uses the
built-in version by default, and has a default certificate built into it too.

 |2.) How do I instruct Delegate not to establish sessions with HTTPS sites
 |not having a trusted Root CA?

For example, put the CA's certicicate at DGROOT/etc/pems/cacert.pem and use
it for verification as follows:

  FSV="sslway -Vrfy -CAfile pems/cacert.pem"

  9 9   Yutaka Sato <>
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]