I did some hacking to the security procs of OpenACS to achieve just that for Pound. Having tried Squid and failed to redirect HTTP connections to HTTPS connections in the proxy, I've switched back to Pound. Squid is also incapable of informing AOLserver which connections to AOLserver are HTTPS connections to the proxy.
Pound has the issue with ns_write, but there is a patch in the making to remove this limitation. In all other respects, I found Pound to be better. For example, Pound can add a custom header to requests forwarded to AOLserver when the request comes in as an HTTPS connection to Pound. Using this information, I have modified the security procs of OpenACS to treat these requests as if they were HTTPS connections to AOLserver.
The big win is that security management becomes transparent to OpenACS. One can still use the same security methods in OpenACS as before.
Also, nsopenssl should not be far off for AOLserver 4.0.
All in all, AOLserver 4.0 can be used with OpenACS under certain circumstances:
1) When the site doesn't require SSL
2) When the site uses SSL but offloads the SSL handshake to Pound and user pages don't use ns_write
3) When the site uses SSL but offloads the SSL handshake to Pound and Gustav's patch is applied to Pound.
Options 2) and 3) also require my hack to OpenACS. Should I be committing this hack to CVS?
/Bart
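
The header-based HTTPS detection described in the post above, as an added example that is not part of the original post and is not the author's OpenACS change: a backend should honour a proxy-set "this was HTTPS" header only when the connection actually comes from the proxy. The header name, header value and proxy address are assumptions made for illustration, and the proc is plain Tcl that takes the peer address and headers as arguments rather than calling AOLserver APIs.

```tcl
# Added example, not OpenACS or Pound code. The three values below are assumptions.
set trusted_proxies {127.0.0.1}      ;# assumed address Pound connects from
set marker_name     "x-ssl-request"  ;# hypothetical header name configured in Pound
set marker_value    "1"              ;# hypothetical header value

# peer:    address of the TCP peer as seen by the backend
# driver:  "https" if the backend terminated TLS itself, otherwise "http"
# headers: flat list {name value name value ...} of request headers
proc request_is_secure {peer driver headers} {
    global trusted_proxies marker_name marker_value

    # A connection the backend terminated itself needs no header.
    if {[string equal $driver "https"]} { return 1 }

    # The header carries no meaning unless the proxy is the sender;
    # any client that can reach the backend directly could set it.
    if {[lsearch -exact $trusted_proxies $peer] < 0} { return 0 }

    # Collect every occurrence; header names are case-insensitive.
    set values {}
    foreach {name value} $headers {
        if {[string equal [string tolower $name] $marker_name]} {
            lappend values [string trim $value]
        }
    }

    # Require exactly one occurrence with the expected value. A second copy
    # suggests a client-supplied header was forwarded next to the proxy's.
    if {[llength $values] != 1} { return 0 }
    return [string equal [lindex $values 0] $marker_value]
}

# Constructed sample requests (addresses and hosts are made up).
puts [request_is_secure 127.0.0.1   http {Host example.test X-SSL-Request 1}]  ;# via proxy, marked
puts [request_is_secure 203.0.113.9 http {Host example.test X-SSL-Request 1}]  ;# direct client, same header
puts [request_is_secure 127.0.0.1   http {Host example.test}]                  ;# via proxy, plain HTTP
puts [request_is_secure 127.0.0.1   http {X-SSL-Request 1 x-ssl-request 1}]    ;# duplicated header
```

The check is only as strong as the network path: the backend port should accept connections from the proxy alone, and the proxy should not pass through a client-supplied copy of the marker header.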