mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-03-31 16:00:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

CURLPROXY_HTTPS2: for HTTPS proxy that may speak HTTP/2

Browse Source 
Setting this proxy type allows curl to negotiate and use HTTP/2 with
HTTPS proxies.

Closes #10900
This commit is contained in:
Daniel Stenberg 2023-04-06 14:33:05 +02:00
parent 8803d2bfd9
commit 712e5f1e7f
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
9 changed files with 38 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/libcurl/opts/CURLOPT_PROXYTYPE.3
View File

@ -38,7 +38,9 @@ Pass one of the values below to set the type of the proxy.
.IP CURLPROXY_HTTP
HTTP Proxy. Default.
.IP CURLPROXY_HTTPS
HTTPS Proxy. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS)
HTTPS Proxy using HTTP/1. (Added in 7.52.0 for OpenSSL, GnuTLS and NSS)
.IP CURLPROXY_HTTPS2
HTTPS Proxy and attempt to speak HTTP/2 over it. (Added in 8.1.0)
.IP CURLPROXY_HTTP_1_0
HTTP 1.0 Proxy. This is similar to CURLPROXY_HTTP except it uses HTTP/1.0 for
any CONNECT tunneling. It does not change the HTTP version of the actual HTTP

1
docs/libcurl/symbols-in-versions
View File

@ -954,6 +954,7 @@ CURLPROTO_TFTP 7.19.4
CURLPROXY_HTTP 7.10
CURLPROXY_HTTP_1_0 7.19.4
CURLPROXY_HTTPS 7.52.0
CURLPROXY_HTTPS2 8.1.0
CURLPROXY_SOCKS4 7.10
CURLPROXY_SOCKS4A 7.18.0
CURLPROXY_SOCKS5 7.10

3
include/curl/curl.h
View File

@ -780,7 +780,8 @@ typedef enum {
CONNECT HTTP/1.1 */
CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT
HTTP/1.0 */
CURLPROXY_HTTPS = 2, /* added in 7.52.0 */
CURLPROXY_HTTPS = 2, /* HTTPS but stick to HTTP/1 added in 7.52.0 */
CURLPROXY_HTTPS2 = 3, /* HTTPS and attempt HTTP/2 added in 8.1.0 */
CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already
in 7.10 */
CURLPROXY_SOCKS5 = 5, /* added in 7.10 */

2
lib/connect.c
View File

@ -1223,7 +1223,7 @@ connect_sub_chain:
if(ctx->state < CF_SETUP_CNNCT_HTTP_PROXY && cf->conn->bits.httpproxy) {
#ifdef USE_SSL
if(cf->conn->http_proxy.proxytype == CURLPROXY_HTTPS
if(IS_HTTPS_PROXY(cf->conn->http_proxy.proxytype)
&& !Curl_conn_is_ssl(cf->conn, cf->sockindex)) {
result = Curl_cf_ssl_proxy_insert_after(cf, data);
if(result)

2
lib/http.c
View File

@ -1305,7 +1305,7 @@ CURLcode Curl_buffer_send(struct dynbuf *in,
if((conn->handler->flags & PROTOPT_SSL
#ifndef CURL_DISABLE_PROXY
|| conn->http_proxy.proxytype == CURLPROXY_HTTPS
|| IS_HTTPS_PROXY(conn->http_proxy.proxytype)
#endif
)
&& conn->httpversion != 20) {

3
lib/http_proxy.h
View File

@ -46,4 +46,7 @@ extern struct Curl_cftype Curl_cft_http_proxy;
#endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */
#define IS_HTTPS_PROXY(t) (((t) == CURLPROXY_HTTPS) || \
((t) == CURLPROXY_HTTPS2))
#endif /* HEADER_CURL_HTTP_PROXY_H */

2
lib/setopt.c
View File

@ -1155,7 +1155,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
case CURLOPT_PROXYTYPE:
/*
* Set proxy type. HTTP/HTTP_1_0/SOCKS4/SOCKS4a/SOCKS5/SOCKS5_HOSTNAME
* Set proxy type.
*/
arg = va_arg(param, long);
if((arg < CURLPROXY_HTTP) || (arg > CURLPROXY_SOCKS5_HOSTNAME))

30
lib/url.c
View File

@ -1209,17 +1209,19 @@ ConnectionExists(struct Curl_easy *data,
if(needle->bits.tunnel_proxy != check->bits.tunnel_proxy)
continue;
if(needle->http_proxy.proxytype == CURLPROXY_HTTPS) {
if(IS_HTTPS_PROXY(needle->http_proxy.proxytype)) {
/* use https proxy */
if(needle->handler->flags&PROTOPT_SSL) {
if(needle->http_proxy.proxytype !=
check->http_proxy.proxytype)
continue;
else if(needle->handler->flags&PROTOPT_SSL) {
/* use double layer ssl */
if(!Curl_ssl_config_matches(&needle->proxy_ssl_config,
&check->proxy_ssl_config))
continue;
}
if(!Curl_ssl_config_matches(&needle->ssl_config,
&check->ssl_config))
else if(!Curl_ssl_config_matches(&needle->ssl_config,
&check->ssl_config))
continue;
}
}
@ -1521,8 +1523,8 @@ static struct connectdata *allocate_conn(struct Curl_easy *data)
conn->bits.httpproxy = (conn->bits.proxy &&
(conn->http_proxy.proxytype == CURLPROXY_HTTP ||
conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0 ||
conn->http_proxy.proxytype == CURLPROXY_HTTPS)) ?
TRUE : FALSE;
IS_HTTPS_PROXY(conn->http_proxy.proxytype))) ?
TRUE : FALSE;
conn->bits.socksproxy = (conn->bits.proxy &&
!conn->bits.httpproxy) ? TRUE : FALSE;
@ -2154,8 +2156,12 @@ static CURLcode parse_proxy(struct Curl_easy *data,
goto error;
}
if(strcasecompare("https", scheme))
proxytype = CURLPROXY_HTTPS;
if(strcasecompare("https", scheme)) {
if(proxytype != CURLPROXY_HTTPS2)
proxytype = CURLPROXY_HTTPS;
else
proxytype = CURLPROXY_HTTPS2;
}
else if(strcasecompare("socks5h", scheme))
proxytype = CURLPROXY_SOCKS5_HOSTNAME;
else if(strcasecompare("socks5", scheme))
@ -2183,9 +2189,9 @@ static CURLcode parse_proxy(struct Curl_easy *data,
#ifdef USE_SSL
if(!Curl_ssl_supports(data, SSLSUPP_HTTPS_PROXY))
#endif
if(proxytype == CURLPROXY_HTTPS) {
if(IS_HTTPS_PROXY(proxytype)) {
failf(data, "Unsupported proxy \'%s\', libcurl is built without the "
"HTTPS-proxy support.", proxy);
"HTTPS-proxy support.", proxy);
result = CURLE_NOT_BUILT_IN;
goto error;
}
@ -2242,7 +2248,7 @@ static CURLcode parse_proxy(struct Curl_easy *data,
given */
port = (int)data->set.proxyport;
else {
if(proxytype == CURLPROXY_HTTPS)
if(IS_HTTPS_PROXY(proxytype))
port = CURL_DEFAULT_HTTPS_PROXY_PORT;
else
port = CURL_DEFAULT_PROXY_PORT;

10
lib/vtls/vtls.c
View File

@ -1813,8 +1813,14 @@ static CURLcode cf_ssl_proxy_create(struct Curl_cfilter **pcf,
bool use_alpn = conn->bits.tls_enable_alpn;
int httpwant = CURL_HTTP_VERSION_1_1;
#if defined(USE_HTTP2) && defined(DEBUGBUILD)
if(conn->bits.tunnel_proxy && getenv("CURL_PROXY_TUNNEL_H2")) {
#ifdef USE_HTTP2
if(conn->bits.tunnel_proxy &&
((conn->http_proxy.proxytype == CURLPROXY_HTTPS2)
#ifdef DEBUGBUILD
|| getenv("CURL_PROXY_TUNNEL_H2")
#endif
)
) {
use_alpn = TRUE;
httpwant = CURL_HTTP_VERSION_2;
}