Well I made some progress based on these suggestions. What I did so far is this:
- Copied HTTP::Daemon and modified it as rob_au suggested to make an SSL version;
- Used that base to create an SSL proxy in addition to the existing HTTP proxy I already had. This was done by subclassing the proxy class I already had and overriding the creation of the daemon with the SSL version;
- Created a server certificate. This is where most of the time went. Creation of server certificates was a bit new to me and not really clearly documented in the OpenSSL docs.
At this point I had two proxy server classes: one for HTTP and one for SSL. I built two stub servers using those and fired them up. The results so far are that I can connect to the SSL proxy fine and it's able to see the HTTP traffic going back and forth if I send it the requests explicitly. But I can't get the server to be used as a true proxy by setting it in the browser. When I do that, OpenSSL complains when it sees the clear text CONNECT request, spitting out this proxy error with DEBUG on:
error message: 'SSL_accept: 'error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request
So it looks like OpenSSL wants some special setup for proxies I'm not seeing just yet ... either that or it explicitly prohibits them.
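
The situation described in the post, a cleartext CONNECT request arriving on a listener that expects a TLS ClientHello, can be made visible by classifying the first bytes a client sends. The Perl below is an added example, not the poster's code; `classify_first_bytes`, `parse_connect_target` and the sample byte strings are hypothetical and constructed for illustration.

```perl
use strict;
use warnings;

# Classify the first bytes received on a listening socket (hypothetical helper).
sub classify_first_bytes {
    my ($buf) = @_;
    return 'incomplete' if length($buf) < 3;
    my ($b0, $b1, $b2) = unpack 'C3', $buf;

    # TLS record header: content type 0x16 (handshake), major version 3.
    return 'tls_handshake' if $b0 == 0x16 && $b1 == 0x03;
    # SSLv2-format ClientHello: 2-byte length with high bit set, message type 1.
    return 'sslv2_hello' if ($b0 & 0x80) && $b2 == 0x01;

    # Everything below is cleartext HTTP and needs the method plus a space.
    return 'incomplete' if length($buf) < 8;
    return 'http_connect' if $buf =~ /\ACONNECT /;
    return 'http_request' if $buf =~ /\A(?:GET|POST|HEAD|PUT) /;
    return 'unknown';
}

# Extract host and port from a CONNECT request line; empty list if malformed.
sub parse_connect_target {
    my ($buf) = @_;
    return unless $buf =~ m{\ACONNECT ([A-Za-z0-9.-]+):([0-9]{1,5}) HTTP/1\.[01]\r?\n};
    my ($host, $port) = ($1, $2);
    return if $port < 1 || $port > 65535;
    return ($host, $port);
}

# Constructed sample inputs: what each kind of client sends first.
my @samples = (
    [ 'TLS ClientHello'   => "\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x01" ],
    [ 'SSLv2 ClientHello' => "\x80\x2e\x01\x03\x01\x00\x15\x00\x00\x00\x10" ],
    [ 'Browser via proxy' => "CONNECT www.example.com:443 HTTP/1.1\r\n\r\n" ],
    [ 'Plain HTTP'        => "GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n" ],
);

for my $sample (@samples) {
    my ($name, $bytes) = @$sample;
    my $kind = classify_first_bytes($bytes);
    my $note = '';
    if ($kind eq 'http_connect') {
        my ($host, $port) = parse_connect_target($bytes);
        $note = defined $host ? " -> tunnel to ${host}:${port}" : ' -> malformed target';
    }
    printf "%-18s %s%s\n", $name, $kind, $note;
}
```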