From 4ae2d9f24d3ba506f828df69357ac80b346348de Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Thu, 6 Apr 2023 09:54:57 +0200 Subject: proxy: http2 proxy tunnel implementation - currently only on debug build and when env variable CURL_PROXY_TUNNEL_H2 is present. - will ALPN negotiate with the proxy server and switch tunnel filter based on the protocol negotiated. - http/1.1 tunnel code moved into cf-h1-proxy.[ch] - http/2 tunnel code implemented in cf-h2-proxy.[ch] - tunnel start and ALPN set remains in http_proxy.c - moving all haproxy related code into cf-haproxy.[ch] VTLS changes - SSL filters rely solely on the "alpn" specification they are created with and no longer check conn->bits.tls_enable_alpn. - checks on which ALPN specification to use (or none at all) are done in vtls.c when creating the filter. Testing - added a nghttpx forward proxy to the pytest setup that speaks HTTP/2 and forwards all requests to the Apache httpd forward proxy server. - extending test coverage in test_10 cases - adding proxy tests for direct/tunnel h1/h2 use of basic auth. - adding test for http/1.1 and h2 proxy tunneling to pytest Closes #10780 --- lib/vtls/sectransp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/vtls/sectransp.c') diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c index 7f55fb5be..d59f2a8c0 100644 --- a/lib/vtls/sectransp.c +++ b/lib/vtls/sectransp.c @@ -2796,7 +2796,7 @@ check_handshake: } #if(CURL_BUILD_MAC_10_13 || CURL_BUILD_IOS_11) && HAVE_BUILTIN_AVAILABLE == 1 - if(cf->conn->bits.tls_enable_alpn) { + if(connssl->alpn) { if(__builtin_available(macOS 10.13.4, iOS 11, tvOS 11, *)) { CFArrayRef alpnArr = NULL; CFStringRef chosenProtocol = NULL; -- cgit v1.2.1