dest-unreach / socat / contrib / proxycerts

Proxy certificates feature

Introduction

Jan Just Keijser implemented support for proxy certificates and provided a patch.

Message of the contributor

I've created a patch for socat 1.6.0.0 to allow for proxy certificates; proxy certificates are short lived SSL certificates that can be generated using the OpenSSL toolkit 0.9.8 and higher or using the Globus Toolkit (http://www-unix.globus.org). The latter is a grid middleware package that I use in my daily work, which is all related to grid computing.

You can find the patch at http://www.nikhef.nl/~janjust/socat

We use this patch to create secure connections on the grid using the grid user's proxy certificate to encrypt connections on the fly.

The nice thing about proxy certificates is that they are short-lived, i.e. they typically last about 12 hours. That way, I can create a proxy certificate from a personal (well-guarded) certificate and send it across the internet - even if someone were to able to get a hold of my proxy certificate, it would only last for 12 hours. On http://www.nikhef.nl/~janjust/proxy-verify you can find a bash script to generate a proxy certificate from a regular OpenSSL certificate.

Requisites

Apply this patch to socat 1.6.0.0 source.

Status

Pending