dest-unreach / socat / contrib / proxycerts
Jan Just Keijser implemented support for proxy certificates and provided a patch.
I've created a patch for socat 220.127.116.11 to allow for proxy certificates; proxy certificates are short lived SSL certificates that can be generated using the OpenSSL toolkit 0.9.8 and higher or using the Globus Toolkit (http://www-unix.globus.org). The latter is a grid middleware package that I use in my daily work, which is all related to grid computing.
You can find the patch at http://www.nikhef.nl/~janjust/socat
We use this patch to create secure connections on the grid using the grid user's proxy certificate to encrypt connections on the fly.
The nice thing about proxy certificates is that they are short-lived, i.e. they typically last about 12 hours. That way, I can create a proxy certificate from a personal (well-guarded) certificate and send it across the internet - even if someone were to able to get a hold of my proxy certificate, it would only last for 12 hours. On http://www.nikhef.nl/~janjust/proxy-verify you can find a bash script to generate a proxy certificate from a regular OpenSSL certificate.
Apply this patch to socat 18.104.22.168 source.