author | Daniel Stenberg <daniel@haxx.se> | 2023-04-06 14:33:05 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2023-04-08 00:27:53 +0200 |
commit | 712e5f1e7f5f0d9f94a5de0bd0b8dc4f46e7816c (patch) | |
tree | a5f3e3b94fffb9df34e3185f0aa71c3af6a8180a /lib | |
parent | 8803d2bfd9a28137d5bf6caaa91a0abe365a90f1 (diff) | |
CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2
Setting this proxy type allows curl to negotiate and use HTTP/2 with
HTTPS proxies.
Closes #10900
Diffstat (limited to 'lib')
-rw-r--r-- | lib/connect.c | 2 | ||||
-rw-r--r-- | lib/http.c | 2 | ||||
-rw-r--r-- | lib/http_proxy.h | 3 | ||||
-rw-r--r-- | lib/setopt.c | 2 | ||||
-rw-r--r-- | lib/url.c | 30 | ||||
-rw-r--r-- | lib/vtls/vtls.c | 10 |
6 files changed, 32 insertions, 17 deletions
diff --git a/lib/connect.c b/lib/connect.c index 2d940972e..7624794cf 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -1223,7 +1223,7 @@ connect_sub_chain: if(ctx->state < CF_SETUP_CNNCT_HTTP_PROXY && cf->conn->bits.httpproxy) { #ifdef USE_SSL - if(cf->conn->http_proxy.proxytype == CURLPROXY_HTTPS + if(IS_HTTPS_PROXY(cf->conn->http_proxy.proxytype) && !Curl_conn_is_ssl(cf->conn, cf->sockindex)) { result = Curl_cf_ssl_proxy_insert_after(cf, data); if(result) diff --git a/lib/http.c b/lib/http.c index cc6dd6c91..b2674e54a 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1305,7 +1305,7 @@ CURLcode Curl_buffer_send(struct dynbuf *in, if((conn->handler->flags & PROTOPT_SSL #ifndef CURL_DISABLE_PROXY - || conn->http_proxy.proxytype == CURLPROXY_HTTPS + || IS_HTTPS_PROXY(conn->http_proxy.proxytype) #endif ) && conn->httpversion != 20) { diff --git a/lib/http_proxy.h b/lib/http_proxy.h index 2d7164bad..a1a03720b 100644 --- a/lib/http_proxy.h +++ b/lib/http_proxy.h @@ -46,4 +46,7 @@ extern struct Curl_cftype Curl_cft_http_proxy; #endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */ +#define IS_HTTPS_PROXY(t) (((t) == CURLPROXY_HTTPS) || \ + ((t) == CURLPROXY_HTTPS2)) + #endif /* HEADER_CURL_HTTP_PROXY_H */ diff --git a/lib/setopt.c b/lib/setopt.c index 6bb88791c..b4ba30764 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -1155,7 +1155,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_PROXYTYPE: /* - * Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME + * Set proxy type. */ arg = va_arg(param, long); if((arg < CURLPROXY_HTTP) || (arg > CURLPROXY_SOCKS5_HOSTNAME)) 
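Review bot: The new `IS_HTTPS_PROXY(t)` macro in the lib/http_proxy.h hunk has no comment and expands `t` twice, so an argument with side effects would be evaluated twice. Every use visible in this commit passes a plain struct member or a local, so nothing breaks today. A one-line comment above the definition would keep it that way: `/* true for both HTTPS proxy types; evaluates t twice, pass only side-effect-free expressions */`. The macro sits after the `#endif` of the `!CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP` block, which is presumably deliberate; if so, the comment could say that too.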
@@ -1209,17 +1209,19 @@ ConnectionExists(struct Curl_easy *data, if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy) continue; - if(needle->http_proxy.proxytype == CURLPROXY_HTTPS) { + if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) { /* use https proxy */ - if(needle->handler->flags&PROTOPT_SSL) { + if(needle->http_proxy.proxytype != + check->http_proxy.proxytype) + continue; + else if(needle->handler->flags&PROTOPT_SSL) { /* use double layer ssl */ if(!Curl_ssl_config_matches(&needle->proxy_ssl_config, &check->proxy_ssl_config)) continue; } - - if(!Curl_ssl_config_matches(&needle->ssl_config, - &check->ssl_config)) + else if(!Curl_ssl_config_matches(&needle->ssl_config, + &check->ssl_config)) continue; } } @@ -1521,8 +1523,8 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) conn->bits.httpproxy = (conn->bits.proxy && (conn->http_proxy.proxytype == CURLPROXY_HTTP || conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0 || - conn->http_proxy.proxytype == CURLPROXY_HTTPS)) ? - TRUE : FALSE; + IS_HTTPS_PROXY(conn->http_proxy.proxytype))) ? + TRUE : FALSE; conn->bits.socksproxy = (conn->bits.proxy && !conn->bits.httpproxy) ? TRUE : FALSE; @@ -2154,8 +2156,12 @@ static CURLcode parse_proxy(struct Curl_easy *data, goto error; } - if(strcasecompare("https", scheme)) - proxytype = CURLPROXY_HTTPS; + if(strcasecompare("https", scheme)) { + if(proxytype != CURLPROXY_HTTPS2) + proxytype = CURLPROXY_HTTPS; + else + proxytype = CURLPROXY_HTTPS2; + } else if(strcasecompare("socks5h", scheme)) proxytype = CURLPROXY_SOCKS5_HOSTNAME; else if(strcasecompare("socks5", scheme)) 
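Review bot: In the ConnectionExists hunk the `ssl_config` comparison has become the last arm of an `else if` chain, so for a TLS handler (`PROTOPT_SSL` set) only `proxy_ssl_config` is compared here, where the old code compared both configs before allowing reuse. Unless `ssl_config` is matched again for TLS handlers further down in this function (not visible in the hunk), a cached connection set up with different origin TLS settings could be selected for reuse through the same HTTPS proxy. Keeping that check unconditional preserves the old behaviour: `if(!Curl_ssl_config_matches(&needle->ssl_config, &check->ssl_config)) continue;` as its own statement after the proxy-type and `proxy_ssl_config` checks. The function body starts and ends outside the hunk.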
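Review bot: The `else` arm added for the "https" scheme in parse_proxy assigns `CURLPROXY_HTTPS2` to a variable that already holds that value, so the if/else reduces to `if(proxytype != CURLPROXY_HTTPS2) proxytype = CURLPROXY_HTTPS;`. A short comment would make the intent explicit, for example `/* an "https://" proxy URL keeps a previously selected CURLPROXY_HTTPS2 type */`. Where `proxytype` gets its initial value is outside the hunk, so that wording assumes it comes from the configured proxy type.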
@@ -2183,9 +2189,9 @@ static CURLcode parse_proxy(struct Curl_easy *data, #ifdef USE_SSL if(!Curl_ssl_supports(data, SSLSUPP_HTTPS_PROXY)) #endif - if(proxytype == CURLPROXY_HTTPS) { + if(IS_HTTPS_PROXY(proxytype)) { failf(data, "Unsupported proxy \'%s\', libcurl is built without the " - "HTTPS-proxy support.", proxy); + "HTTPS-proxy support.", proxy); result = CURLE_NOT_BUILT_IN; goto error; } @@ -2242,7 +2248,7 @@ static CURLcode parse_proxy(struct Curl_easy *data, given */ port = (int)data->set.proxyport; else { - if(proxytype == CURLPROXY_HTTPS) + if(IS_HTTPS_PROXY(proxytype)) port = CURL_DEFAULT_HTTPS_PROXY_PORT; else port = CURL_DEFAULT_PROXY_PORT; diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index 1fa05dca3..80168ee75 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -1813,8 +1813,14 @@ static CURLcode cf_ssl_proxy_create(struct Curl_cfilter **pcf, bool use_alpn = conn->bits.tls_enable_alpn; int httpwant = CURL_HTTP_VERSION_1_1; -#if defined(USE_HTTP2) && defined(DEBUGBUILD) - if(conn->bits.tunnel_proxy && getenv("CURL_PROXY_TUNNEL_H2")) { +#ifdef USE_HTTP2 + if(conn->bits.tunnel_proxy && + ((conn->http_proxy.proxytype == CURLPROXY_HTTPS2) +#ifdef DEBUGBUILD + || getenv("CURL_PROXY_TUNNEL_H2") +#endif + ) + ) { use_alpn = TRUE; httpwant = CURL_HTTP_VERSION_2; } |
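Review bot: The rewritten condition in cf_ssl_proxy_create sets `use_alpn = TRUE` whenever the proxy type is `CURLPROXY_HTTPS2` and tunnelling is on, which overrides the value `use_alpn` was initialised with from `conn->bits.tls_enable_alpn`, and nothing in the code says this is deliberate. A comment above the `if` would document both conditions, for example `/* h2 to the proxy needs ALPN, so HTTPS2 turns it on even if tls_enable_alpn is off; only done for tunnelled proxies */`. In builds without `USE_HTTP2` the block compiles out and `CURLPROXY_HTTPS2` leaves `httpwant` at `CURL_HTTP_VERSION_1_1`, which could be stated in the same comment. The function body continues outside the hunk.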