[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Wget-dev] RFC - adding the possibility to trust the proxy for https
|
From: |
Darshit Shah |
|
Subject: |
Re: [Wget-dev] RFC - adding the possibility to trust the proxy for https |
|
Date: |
Fri, 25 Jan 2019 01:42:21 +0100 |
|
User-agent: |
NeoMutt/20180716 |
* Davide Baldo <address@hidden> [190123 13:35]:
> Hello,
>
> I would like to add an option to wget to allow the possibility to trust the
> proxy even for https request, without relying on a CONNECT.
>
> For examples these are the requests towards a proxy server:
>
> Current behaviour for plain http:
> - GET http://www.example.com/archive.tar HTTP/1.1
>
> Current behaviour for encrypted https, the proxy is only used as a socket
> passthrough:
> - CONNECT www.example.com:443 HTTP/1.1
>
> Wanted behaviour, (enabled with something similar to --trust-proxy-for-https):
> - GET httpS://www.example.com/archive.tar HTTP/1.1
>
> This would allow caching on the proxy, mostly for automated builds without
> having to locally mirror all https sources. I would like to hear your opinions
> on this proposal, I'm aware this flag may very well "break" the very goal of
> https in certain circumstances but I would like to point out that
> alternatives
> are either time-consuming or insecure (such as downgrade to http).
>
> Thanks,
>
>
Seems like a doable idea to be. We already have support for proxies baked into
Wget. However, I'd like to first get an idea of the ramifications of doing
something like this. What are the implications on the network and how does it
affect security?
If someone has points to present, please do. I'm keen to know more about this.
--
Thanking You,
Darshit Shah
PGP Fingerprint: 7845 120B 07CB D8D6 ECE5 FF2B 2A17 43ED A91A 35B6
signature.asc
Description: PGP signature