1 (edited by rydj 2021-02-18 06:33:54)

Topic: connecting to secure web proxy


I am writing an http client with secure web proxy support (stunnel) using wolfssl.
I am able to connect to the proxy server and complete the Tls handshake successfully, then basic HTTP application data (port 80 sites) can be transfered without issues.

but after asking the proxy to forward tcp data from a secure website (Port 443) ("CONNECT HOST:PORT HTTP/1.1"),  how do I make a hand shake with the site's sever if the socket is already transporting encrypted data from the Proxy.

to illustrate:
1- Tcp connect to Proxyhost:Port
2- initialize wolffssl and setfd
3- Connect_ssl();
4- Tls handshake with proxy success.
5- Send a connect Command to a websites server (Ex. "CONNECT google.com:443 HTTP/1.1")
6- proxy replies 200 OK
7- how to negotiate TLS now ?????

plz if you could answer with an example .

Thank You.


Re: connecting to secure web proxy

first of all I want to state that I am a student who is still learning and this project is for me to learn new things.

Ok I found the solution.

It's an ssl connection inside another ssl connection.

first we make an Ssl connection to the proxy . and treat that connection as a socket.
then we make anothe ssl object setting the receive/send callbacks to functions that read and write from the encrypted proxy connection using our first Ssl object.

but that seems a dirty solution.

can I set the fd inside the wolfssl_set_fd(); function to the ssl object created earlier?


Re: connecting to secure web proxy

Hello rydj

Thanks for your interest in wolfSSL. It sounds like you'll want to redirect the IO using a callback. We have an excellent examples here:
https://github.com/wolfSSL/wolfssl-exam … -callbacks

We also have a wolfSSL stunnel example in a private repository. You can request access by contacting support@wolfssl.com

Eric @ wolfSSL Support

4 (edited by DorianKussel 2022-09-26 04:04:07)

Re: connecting to secure web proxy

Hello. Thank you for your question. I am sorry you are having difficulties connecting to a secure website using your wolfssl http client. It sounds like you are successfully connecting to the proxy server and completing the TLS handshake, but you are unsure how to proceed with the handshake with the website's server. One option would be sending a CONNECT command to the website's server, specifying the host and port you wish to connect to. The proxy server should then reply with a 200 OK, at which point you can negotiate TLS with the website's server. If it's not working, you might consider changing your proxy (https://soax.com/thailand-proxy). Thank you for your question, and I hope this helps.