Replace polipo with an internal proxy to cache HTTPS connection #46
Comments
|
The only way to proxy (and cache) HTTPS is the MITM and it's a tlittle hard to setup it in kameleon. |
|
Yes, I agree this is not easy. Maybe this can be replace by good practice like:
This can be done for home built packages and software but for all dependencies and runtime this is not common nor easy to do. I think the only way to do it properly is a kind of MITM to catch anything that come from the network. |
HTTPS is designed to prevent man-in-the middle attacks, and a transparent proxy is effectively a MITM. If we want to cache HTTPS, we need to generate and inject the proxy certificate You can find an example here with squid and more information about Ssl Bump here. Another way to achieve that is to make clients (wget --no-check-certificate ...) ignore the SSL certificat checks for all HTTPS connections, but that's not really ideal neither... Anyway, it won't be with a script of ours that we can make a proxy with such features.
A simple workaround is to only use a cachable content when you need to make your experience (recipe) reproductible. At the end avoid HTTPS as much as possible. |
The Polipo proxy is only available for HTTP connection and the HTTPS connections are not cached.
Use our own cache implementation may be a good idea to add this feature, remove the polipo dependency and allows kameleon to make this cache mechanism evolve more easily.
It seems to be pretty simple to implement this in ruby:
https://gist.github.com/torsten/74107
The text was updated successfully, but these errors were encountered: