Monday, January 25, 2010

ssl vpn

Yesterday I got a chance to take a look at an SSL VPN. After logging on to a secure web site, the endpoint downloads an ActiveX control from it. This ActiveX control creates a virtual adapter and assigns the user a virtual private IP. Traffic to the intranet is intercepted and forwarded to this virtual adapter (by changing the routing table?), and an SSL tunnel is then used to establish the connections to the web servers.

The main advantages of the SSL VPN are:
  • No VPN client to install; you only need a browser.
  • Provides granular access control.
  • Uses port 443, which most firewalls leave open.

Monday, January 18, 2010

Squid ssl cache_peer

Squid supports a cache_peer link over SSL. The downstream Squid presents a client certificate (sslcert/sslkey) and checks the upstream against the CA file; the upstream https_port verifies the client certificate against clientca and rejects certificates listed in the CRL (sslflags=VERIFY_CRL).
In the downstream Squid:

cache_peer parentip parent  parentport 0000 default no-query no-digest ssl  sslcert=/opt/exampleca/certs/client2.pem sslkey=/opt/exampleca/client2private.pem sslcafile=/opt/exampleca/cacert.pem name=https-local

In the upstream Squid:

https_port parentport cert=/opt/exampleca/certs/server.pem key=/opt/exampleca/serverprivate.pem clientca=/opt/exampleca/cacert.pem capath=/opt/exampleca crlfile=/opt/exampleca/my_crl.pem sslflags=VERIFY_CRL  sslcontext=mlroaming

Wednesday, January 13, 2010

Coroutine in C

A coroutine has more entry and exit points than an ordinary routine, which is entered once and returns once. Duff's device provides a way to simulate one in C code. Boost C++ also has an experimental implementation.
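As an added example (not code from the original post), here is a stackless coroutine in plain C built on the Duff's-device trick the post refers to: a switch on a saved line number jumps straight to the case label where the function last yielded, so one function gains several entry and exit points. The macro and function names (CORO_BEGIN, CORO_YIELD, coro_t, squares, countdown) are hypothetical; the technique itself is the well-known one.

```c
#include <stdio.h>

/*
 * Coroutine state. Locals do NOT survive a yield (the function really
 * returns), so anything that must persist lives in this struct.
 */
typedef struct {
    int line;   /* 0 = not started, -1 = finished, else last yield point */
    int i;      /* persistent loop counter */
} coro_t;

/* Duff's-device style macros: case labels may sit inside nested loops
 * and blocks, as long as no nested switch intervenes, and CORO_YIELD
 * must not be used twice on the same source line (duplicate labels). */
#define CORO_BEGIN(c)     switch ((c)->line) { case 0:
#define CORO_YIELD(c, v)  do { (c)->line = __LINE__; return (v); \
                               case __LINE__:; } while (0)
#define CORO_END(c)       } (c)->line = -1; return -1

/* Generator: yields 0, 1, 4, 9, ... (n terms), then -1 forever. */
static int squares(coro_t *c, int n) {
    CORO_BEGIN(c);
    for (c->i = 0; c->i < n; c->i++) {
        CORO_YIELD(c, c->i * c->i);   /* exit here, re-enter on next call */
    }
    CORO_END(c);
}

/* Generator: yields n-1 down to 0, then -1 forever. */
static int countdown(coro_t *c, int n) {
    CORO_BEGIN(c);
    for (c->i = n - 1; c->i >= 0; c->i--) {
        CORO_YIELD(c, c->i);
    }
    CORO_END(c);
}

/* Drive one generator to exhaustion and sum what it yields. */
int sum_squares(int n) {
    coro_t c = {0, 0};
    int v, sum = 0;
    while ((v = squares(&c, n)) >= 0) sum += v;
    return sum;
}

/* Interleave two independent coroutines: each carries its own state, so
 * the caller can alternate between them. Writes the merged sequence to
 * out (must hold 2*n ints) and returns its length. */
int interleave(int n, int *out) {
    coro_t a = {0, 0}, b = {0, 0};
    int len = 0, va, vb;
    for (;;) {
        va = squares(&a, n);
        vb = countdown(&b, n);
        if (va < 0 && vb < 0) break;
        if (va >= 0) out[len++] = va;
        if (vb >= 0) out[len++] = vb;
    }
    return len;
}

/* Element idx of the merged sequence for n <= 32, or -1 past its end. */
int interleave_at(int n, int idx) {
    int buf[64];
    int len;
    if (n < 0 || n > 32) return -1;
    len = interleave(n, buf);
    return (idx >= 0 && idx < len) ? buf[idx] : -1;
}

int main(void) {
    int buf[16];
    int len = interleave(4, buf), k;
    for (k = 0; k < len; k++) printf("%d ", buf[k]);       /* 0 3 1 2 4 1 9 0 */
    printf("\nsum of squares(4) = %d\n", sum_squares(4));  /* 14 */
    return 0;
}
```

Each call to squares() or countdown() returns to the caller and the next call resumes inside the for loop, which is exactly the extra entry point a subroutine lacks; the price is that every piece of state must be hoisted into coro_t.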

Monday, January 4, 2010

Wt: A C++ web toolkit

Wt (pronounced "witty") is a toolkit for building web sites in C++. You can use it to create high-performance web applications. It uses the C++ library to generate the JavaScript code. Potentially this helps avoid XSS problems, since the library has full control over the generated JavaScript.