path: root/lib/http_proxy.c
Commit message | Author | Age | Files | Lines
* http_proxy: part of conditional expression is always true: !error | Daniel Stenberg | 2019-09-20 | 1 | -1/+1
  Fixes warning detected by PVS-Studio
  Fixes #4374
* NTLM: reset proxy "multipass" state when CONNECT request is done | Sergey Ogryzkov | 2019-06-02 | 1 | -0/+1
  Closes #3972
* urldata: rename easy_conn to just conn | Daniel Stenberg | 2019-01-11 | 1 | -2/+2
  We use "conn" everywhere to be a pointer to the connection.
  Introduces two functions that "attaches" and "detaches" the connection to and from the transfer.
  Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues).
  Closes #3442
* http: made Curl_add_buffer functions take a pointer-pointer | Daniel Stenberg | 2018-09-16 | 1 | -7/+7
  ... so that they can clear the original pointer on failure, which makes the error-paths and their cleanups easier.
  Closes #2992
* http_proxy: Remove unused macro SELECT_TIMEOUT | Rikard Falkeborn | 2018-08-09 | 1 | -1/+0
  Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22.
  Closes #2852
* Curl_debug: remove dead printhost code | Daniel Stenberg | 2018-06-12 | 1 | -1/+1
  The struct field is never set (since 5e0d9aea3) so remove the use of it and remove the connectdata pointer from the prototype.
  Reported-by: Tejas
  Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html
  Closes #2647
* cppcheck: fix warnings | Marian Klymov | 2018-06-11 | 1 | -1/+1
  - Get rid of variable that was generating false positive warning (uninitialized)
  - Fix issues in tests
  - Reduce scope of several variables all over
  etc
  Closes #2631
* strictness: correct {infof, failf} format specifiers | Rikard Falkeborn | 2018-05-31 | 1 | -1/+1
  Closes #2623
* lib: Fix format specifiers | Rikard Falkeborn | 2018-05-14 | 1 | -2/+2
* HTTP: allow "header;" to replace an internal header with a blank one | Daniel Stenberg | 2018-03-11 | 1 | -4/+4
  Reported-by: Michael Kaufmann
  Fixes #2357
  Closes #2362
* CONNECT: keep close connection flag in http_connect_state struct | Zachary Seguin | 2017-12-07 | 1 | -6/+6
  Fixes #2088
  Closes #2157
* timeleft: made two more users of Curl_timeleft use timediff_t | Daniel Stenberg | 2017-10-29 | 1 | -1/+1
* code style: use spaces around equals signs | Daniel Stenberg | 2017-09-11 | 1 | -7/+7
* http-proxy: when not doing CONNECT, that phase is done immediately | Daniel Stenberg | 2017-09-07 | 1 | -1/+1
  `conn->connect_state` is NULL when doing a regular non-CONNECT request over the proxy and should therefore be considered complete at once.
  Fixes #1853
  Closes #1862
  Reported-by: Lawrence Wagerfield
* http-proxy: treat all 2xx as CONNECT success | Daniel Stenberg | 2017-09-05 | 1 | -3/+4
  Added test 1904 to verify.
  Reported-by: Lawrence Wagerfield
  Fixes #1859
  Closes #1860
* http_proxy: fix build error for CURL_DOES_CONVERSIONS | Maksim Stsepanenka | 2017-08-16 | 1 | -1/+2
  Closes https://github.com/curl/curl/pull/1793
* strtoofft: reduce integer overflow risks globally | Daniel Stenberg | 2017-08-14 | 1 | -2/+2
  ... make sure we bail out on overflows.
  Reported-by: Brian Carpenter
  Closes #1758
* http_proxy: fix build with http and proxy | Marcel Raad | 2017-06-18 | 1 | -1/+0
  After deff7de0eb0e22d2d142b96b9cc84cd8db5d2a48, the build without CURL_DISABLE_PROXY and CURL_DISABLE_HTTP was failing because of missing includes.
* http_proxy: fix compiler warning | Marcel Raad | 2017-06-18 | 1 | -1/+2
  With CURL_DISABLE_PROXY or CURL_DISABLE_HTTP, GCC complained about a missing prototype for Curl_connect_free.
* http-proxy: fix chunked-encoded CONNECT responses | Daniel Stenberg | 2017-06-16 | 1 | -3/+2
  Regression since 5113ad0424.
  ... and remove 'flaky' from test 1061 again
  Closes #1579
* http-proxy: deal with EAGAIN | Daniel Stenberg | 2017-06-16 | 1 | -2/+1
  ... the previous code would reset the header length wrongly (since 5113ad0424). This makes test 1060 reliable again.
  Also: make sws send even smaller chunks of data to increase the likeliness of this happening.
* http-proxy: fix build with --disable-proxy or --disable-http | Daniel Stenberg | 2017-06-16 | 1 | -0/+5
  Reported-by: Dan Fandrich
* http-proxy: do the HTTP CONNECT process entirely non-blocking | Daniel Stenberg | 2017-06-14 | 1 | -109/+134
  Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that.
  Closes #1547
* http-proxy: use a dedicated CONNECT response buffer | Daniel Stenberg | 2017-05-01 | 1 | -15/+40
  To make it suitably independent of the receive buffer and its flexible size.
* http-proxy: remove unused argument from Curl_proxyCONNECT() | Daniel Stenberg | 2017-04-26 | 1 | -14/+6
* Improve code readability | Sylvestre Ledru | 2017-03-13 | 1 | -10/+6
  ... by removing the else branch after a return, break or continue.
  Closes #1310
* url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS | Desmond O. Chang | 2017-03-12 | 1 | -10/+9
  - Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION.
  - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include.
  Assisted-by: Jay Satiro
  Assisted-by: CarloCannas@users.noreply.github.com
  Closes https://github.com/curl/curl/pull/783
* http_proxy: Ignore TE and CL in CONNECT 2xx responses | Jay Satiro | 2017-03-11 | 1 | -20/+21
  A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT.
  "Successful" described as: 2xx (Successful). RFC 7231 4.3.6
  Prior to this change such a case would cause an error.
  In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect.
  Bug: https://github.com/curl/curl/issues/1317
  Reported-by: mkzero@users.noreply.github.com
* proxy: fix hostname resolution and IDN conversion | Michael Kaufmann | 2017-02-18 | 1 | -4/+9
  Properly resolve, convert and log the proxy host names.
  Support the "--connect-to" feature for SOCKS proxies and for passive FTP data transfers.
  Follow-up to cb4e2be
  Reported-by: Jay Satiro
  Fixes https://github.com/curl/curl/issues/1248
* http_proxy: avoid freeing static memory | Daniel Stenberg | 2017-02-09 | 1 | -3/+3
  Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
* http_proxy: Fix tiny memory leak upon edge case connecting to proxy | Cameron MacMinn | 2017-02-09 | 1 | -1/+1
  Fixes #1255
* http_proxy: Fix proxy CONNECT hang on pending data | Jay Satiro | 2016-12-19 | 1 | -232/+229
  - Check for pending data before waiting on the socket.
  Bug: https://github.com/curl/curl/issues/1156
  Reported-by: Adam Langley
* checksrc: stricter no-space-before-paren enforcement | Daniel Stenberg | 2016-12-13 | 1 | -2/+2
  In order to make the code style more uniform everywhere
* http_proxy: simplify CONNECT response reading | Daniel Stenberg | 2016-12-01 | 1 | -168/+149
  Since it now reads responses one byte at a time, a loop could be removed and it is no longer limited to get the whole response within 16K, it is now instead only limited to 16K maximum header line lengths.
* CONNECT: read responses one byte at a time | Daniel Stenberg | 2016-12-01 | 1 | -14/+7
  ... so that it doesn't read data that is actually coming from the remote. 2xx responses have no body from the proxy, that data is from the peer.
  Fixes #1132
* CONNECT: reject TE or CL in 2xx responses | Daniel Stenberg | 2016-12-01 | 1 | -0/+17
  A server MUST NOT send any Transfer-Encoding or Content-Length header fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section 4.3.6)
  Also fixes the three test cases that did this.
* HTTPS-proxy: fixed mbedtls and polishing | Okhin Vasilij | 2016-11-24 | 1 | -0/+2
* proxy: Support HTTPS proxy and SOCKS+HTTP(s) | Alex Rousskov | 2016-11-24 | 1 | -5/+44
  * HTTPS proxies:
  An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text.
  With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds support for such nested sessions as well.
  A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO):
    --proxy-cacert FILE          CA certificate to verify peer against
    --proxy-capath DIR           CA directory to verify peer against
    --proxy-cert CERT[:PASSWD]   Client certificate file and password
    --proxy-cert-type TYPE       Certificate file type (DER/PEM/ENG)
    --proxy-ciphers LIST         SSL ciphers to use
    --proxy-crlfile FILE         Get a CRL list in PEM format from the file
    --proxy-insecure             Allow connections to proxies with bad certs
    --proxy-key KEY              Private key file name
    --proxy-key-type TYPE        Private key file type (DER/PEM/ENG)
    --proxy-pass PASS            Pass phrase for the private key
    --proxy-ssl-allow-beast      Allow security flaw to improve interop
    --proxy-sslv2                Use SSLv2
    --proxy-sslv3                Use SSLv3
    --proxy-tlsv1                Use TLSv1
    --proxy-tlsuser USER         TLS username
    --proxy-tlspassword STRING   TLS password
    --proxy-tlsauthtype STRING   TLS authentication type (default SRP)
  All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath.
  Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable.
  Supported backends: OpenSSL, GnuTLS, and NSS.
  * A SOCKS proxy + HTTP/HTTPS proxy combination:
  If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.
  TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
* lib: fix compiler warnings after de4de4e3c7c | Marcel Raad | 2016-11-18 | 1 | -1/+1
  Visual C++ now complains about implicitly casting time_t (64-bit) to long (32-bit). Fix this by changing some variables from long to time_t, or explicitly casting to long where the public interface would be affected.
  Closes #1131
* strcasecompare: all case insensitive string compares ignore locale now | Daniel Stenberg | 2016-10-31 | 1 | -1/+0
  We had some confusions on when each function was used. We should not act differently on different locales anyway.
* select: switch to macros in uppercase | Daniel Stenberg | 2016-10-18 | 1 | -4/+3
  Curl_select_ready() was the former API that was replaced with Curl_select_check() a while back and the former arg setup was provided with a define (in order to leave existing code unmodified).
  Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most common shortcuts where only one socket is checked. They're also more visibly macros.
* http2: make sure stream errors don't needlessly close the connection | Daniel Stenberg | 2016-08-28 | 1 | -1/+1
  With HTTP/2 each transfer is made in an individual logical stream over the connection, making most previous errors that caused the connection to get forced-closed now instead just kill the stream and not the connection.
  Fixes #941
* Revert "Proxy-Connection: stop sending this header by default" | Daniel Stenberg | 2016-08-16 | 1 | -3/+9
  This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
* internals: rename the SessionHandle struct to Curl_easy | Daniel Stenberg | 2016-06-22 | 1 | -1/+1
* lib: include curl_printf.h as one of the last headers | Daniel Stenberg | 2016-04-29 | 1 | -2/+2
  curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc.
  To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order:
    curl_printf.h
    curl_memory.h
    memdebug.h
  None of them include system headers, they all do funny #defines.
  Reported-by: David Benjamin
  Fixes #743
* news: CURLOPT_CONNECT_TO and --connect-to | Michael Kaufmann | 2016-04-17 | 1 | -5/+20
  Makes curl connect to the given host+port instead of the host+port found in the URL.
* Proxy-Connection: stop sending this header by default | Daniel Stenberg | 2016-02-08 | 1 | -9/+3
  RFC 7230 says we should stop. Firefox already stopped.
  Bug: https://github.com/curl/curl/issues/633
  Reported-By: Brad Fitzpatrick
  Closes #633
* URLs: change all http:// URLs to https:// | Daniel Stenberg | 2016-02-03 | 1 | -1/+1
* FTP: do the HTTP CONNECT for data connection blocking | Daniel Stenberg | 2015-06-17 | 1 | -8/+14
  ** WORK-AROUND **
  The introduced non-blocking general behaviour for Curl_proxyCONNECT() didn't work for the data connection establishment unless it was very fast. The newly introduced function argument makes it operate in a more blocking manner, more like it used to work in the past. This blocking approach is only used when the FTP data connecting through HTTP proxy.
  Blocking like this is bad. A better fix would make it work more asynchronously.
  Bug: https://github.com/bagder/curl/issues/278
* http2: separate multiplex/pipelining + cleanup memory leaks | Daniel Stenberg | 2015-05-18 | 1 | -4/+4