From 934a59ecd965e50ad7676d2640130f29c0220316 Mon Sep 17 00:00:00 2001 From: Enno Boland Date: Mon, 4 Jul 2016 09:02:19 +0200 Subject: [PATCH] lib/fetch/http.c: send proxy auth on https as connect header. fixes #185 --- lib/fetch/http.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/lib/fetch/http.c b/lib/fetch/http.c index a6f2f5a8..dcc7bf7d 100644 --- a/lib/fetch/http.c +++ b/lib/fetch/http.c @@ -695,6 +695,24 @@ http_authorize(conn_t *conn, const char *hdr, const char *p) * Helper functions for connecting to a server or proxy */ +/* + * Send headers consumed by the proxy server. + */ +static void +send_proxy_headers(conn_t *conn, struct url *purl) +{ + char *p; + + /* proxy authorization */ + if (purl) { + if (*purl->user || *purl->pwd) + http_basic_auth(conn, "Proxy-Authorization", + purl->user, purl->pwd); + else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && *p != '\0') + http_authorize(conn, "Proxy-Authorization", p); + } +} + /* * Connect to the correct HTTP server or proxy. */ @@ -733,8 +751,13 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached) /* fetch_connect() has already set an error code */ return (NULL); if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) { - http_cmd(conn, "CONNECT %s:%d HTTP/1.1\r\n\r\n", + http_cmd(conn, "CONNECT %s:%d HTTP/1.1\r\n", URL->host, URL->port); + + send_proxy_headers(conn, purl); + + http_cmd(conn, "\r\n"); + if (http_get_reply(conn) != HTTP_OK) { fetch_close(conn); return (NULL); @@ -909,14 +932,8 @@ http_request(struct url *URL, const char *op, struct url_stat *us, /* virtual host */ http_cmd(conn, "Host: %s\r\n", host); - /* proxy authorization */ - if (purl) { - if (*purl->user || *purl->pwd) - http_basic_auth(conn, "Proxy-Authorization", - purl->user, purl->pwd); - else if ((p = getenv("HTTP_PROXY_AUTH")) != NULL && *p != '\0') - http_authorize(conn, "Proxy-Authorization", p); - } + if (strcasecmp(URL->scheme, SCHEME_HTTPS) != 0) + send_proxy_headers(conn, purl); /* server authorization */ if (need_auth || *url->user || *url->pwd) {