Added a new 'bit' in the connect struct named 'tunnel_proxy' that is set
if a connection is tunneled through a proxy. A tunnel is done with CONNECT, either when using HTTPS or FTPS, or if explicitly enabled by the app.
		| @@ -487,7 +487,7 @@ CURLcode Curl_ftp_connect(struct connectdata *conn) | |||||||
|   ftp->passwd = conn->passwd; |   ftp->passwd = conn->passwd; | ||||||
|   ftp->response_time = 3600; /* set default response time-out */ |   ftp->response_time = 3600; /* set default response time-out */ | ||||||
|  |  | ||||||
|   if (data->set.tunnel_thru_httpproxy) { |   if (conn->bits.tunnel_proxy) { | ||||||
|     /* We want "seamless" FTP operations through HTTP proxy tunnel */ |     /* We want "seamless" FTP operations through HTTP proxy tunnel */ | ||||||
|     result = Curl_ConnectHTTPProxyTunnel(conn, FIRSTSOCKET, |     result = Curl_ConnectHTTPProxyTunnel(conn, FIRSTSOCKET, | ||||||
|                                          conn->host.name, conn->remote_port); |                                          conn->host.name, conn->remote_port); | ||||||
| @@ -1702,7 +1702,7 @@ CURLcode ftp_use_pasv(struct connectdata *conn, | |||||||
|     /* this just dumps information about this second connection */ |     /* this just dumps information about this second connection */ | ||||||
|     ftp_pasv_verbose(conn, conninfo, newhostp, connectport); |     ftp_pasv_verbose(conn, conninfo, newhostp, connectport); | ||||||
|    |    | ||||||
|   if(data->set.tunnel_thru_httpproxy) { |   if(conn->bits.tunnel_proxy) { | ||||||
|     /* We want "seamless" FTP operations through HTTP proxy tunnel */ |     /* We want "seamless" FTP operations through HTTP proxy tunnel */ | ||||||
|     result = Curl_ConnectHTTPProxyTunnel(conn, SECONDARYSOCKET, |     result = Curl_ConnectHTTPProxyTunnel(conn, SECONDARYSOCKET, | ||||||
|                                          newhostp, newport); |                                          newhostp, newport); | ||||||
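--- a/lib/http.c
+++ b/lib/http.c
@@ -254,8 +254,12 @@ CURLcode Curl_http_auth_act(struct connectdata *conn)
  * done.
  *
  * @param conn all information about the current connection
+ * @param request pointer to the request keyword
+ * @param path pointer to the requested path
+ * @param proxytunnel boolean if this is the request setting up a "proxy
+ * tunnel"
  *
- * Returns CURLcode
+ * @returns CURLcode
  */
 static CURLcode
 Curl_http_output_auth(struct connectdata *conn,
@@ -304,7 +308,7 @@ Curl_http_output_auth(struct connectdata *conn,
 
     /* Send proxy authentication header if needed */
     if (conn->bits.httpproxy &&
-        (data->set.tunnel_thru_httpproxy == proxytunnel)) {
+        (conn->bits.tunnel_proxy == proxytunnel)) {
 #ifdef USE_SSLEAY
       if(data->state.authproxy.want == CURLAUTH_NTLM) {
         auth=(char *)"NTLM";
@@ -1136,10 +1140,9 @@ CURLcode Curl_http_connect(struct connectdata *conn)
    * has occured, can we start talking SSL
    */
 
-  if(conn->bits.httpproxy &&
-     ((conn->protocol & PROT_HTTPS) || data->set.tunnel_thru_httpproxy)) {
+  if(conn->bits.tunnel_proxy) {
 
-    /* either HTTPS over proxy, OR explicitly asked for a tunnel */
+    /* either SSL over proxy, or explicitly asked for */
     result = Curl_ConnectHTTPProxyTunnel(conn, FIRSTSOCKET,
                                          conn->host.name,
                                          conn->remote_port);
@@ -1396,9 +1399,9 @@ CURLcode Curl_http(struct connectdata *conn)
       return CURLE_OUT_OF_MEMORY;
   }
 
-  if (conn->bits.httpproxy &&
-      !data->set.tunnel_thru_httpproxy &&
-      !(conn->protocol&PROT_HTTPS))  {
+  if (conn->bits.httpproxy && !conn->bits.tunnel_proxy)  {
+    /* Using a proxy but does not tunnel through it */
+
     /* The path sent to the proxy is in fact the entire URL. But if the remote
        host is a IDN-name, we must make sure that the request we produce only
        uses the encoded host name! */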
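Review bot: In the Curl_http_connect hunk the new test `if(conn->bits.tunnel_proxy) {` no longer requires `conn->bits.httpproxy`, which the removed condition did. The CreateConnection hunk copies the bit straight from `data->set.tunnel_thru_httpproxy`, so unless code outside these hunks clears it, an application that enables tunnelling without configuring a proxy would have the CONNECT handshake attempted on the direct connection to the origin host. Keeping the guard, `if(conn->bits.httpproxy && conn->bits.tunnel_proxy) {`, or clearing the bit in CreateConnection when no HTTP proxy is in use, preserves the old behaviour; the two FTP hunks (Curl_ftp_connect and ftp_use_pasv) test the same bit unguarded. Curl_http_connect's body continues outside the hunk.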
| @@ -2137,6 +2137,7 @@ static CURLcode CreateConnection(struct SessionHandle *data, | |||||||
|   conn->bits.user_passwd = data->set.userpwd?1:0; |   conn->bits.user_passwd = data->set.userpwd?1:0; | ||||||
|   conn->bits.proxy_user_passwd = data->set.proxyuserpwd?1:0; |   conn->bits.proxy_user_passwd = data->set.proxyuserpwd?1:0; | ||||||
|   conn->bits.no_body = data->set.opt_no_body; |   conn->bits.no_body = data->set.opt_no_body; | ||||||
|  |   conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy; | ||||||
|  |  | ||||||
|   /* This initing continues below, see the comment "Continue connectdata |   /* This initing continues below, see the comment "Continue connectdata | ||||||
|    * initialization here" */ |    * initialization here" */ | ||||||
| @@ -2837,6 +2838,13 @@ static CURLcode CreateConnection(struct SessionHandle *data, | |||||||
|     free(proxydup); /* free the duplicate pointer and not the modified */ |     free(proxydup); /* free the duplicate pointer and not the modified */ | ||||||
|   } |   } | ||||||
|  |  | ||||||
|  |   /************************************************************* | ||||||
|  |    * If the protcol is using SSL and HTTP proxy is used, we set | ||||||
|  |    * the tunnel_proxy bit. | ||||||
|  |    *************************************************************/ | ||||||
|  |   if((conn->protocol&PROT_SSL) && conn->bits.httpproxy) | ||||||
|  |     conn->bits.tunnel_proxy = TRUE; | ||||||
|  |  | ||||||
|   /************************************************************* |   /************************************************************* | ||||||
|    * Take care of user and password authentication stuff |    * Take care of user and password authentication stuff | ||||||
|    *************************************************************/ |    *************************************************************/ | ||||||
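Review bot: The new assignment `conn->bits.tunnel_proxy = data->set.tunnel_thru_httpproxy;` has no comment saying that it records only the application's explicit request and that the bit is completed several hundred lines later for SSL protocols, so a reader of either hunk sees half of the logic. A short comment at the first assignment, such as `/* explicit request from the app; the implicit SSL-over-proxy case is set further down */`, would tie the two together. The second hunk's block comment also misspells "protocol" as "protcol". CreateConnection starts before the first hunk and ends after the second.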
| @@ -309,6 +309,10 @@ struct ConnectBits { | |||||||
|   bool retry;         /* this connection is about to get closed and then |   bool retry;         /* this connection is about to get closed and then | ||||||
|                          re-attempted at another connection. */ |                          re-attempted at another connection. */ | ||||||
|   bool no_body;       /* CURLOPT_NO_BODY (or similar) was set */ |   bool no_body;       /* CURLOPT_NO_BODY (or similar) was set */ | ||||||
|  |   bool tunnel_proxy;  /* if CONNECT is used to "tunnel" through the proxy. | ||||||
|  |                          This is implicit when SSL-protocols are used through | ||||||
|  |                          proxies, but can also be enabled explicitly by | ||||||
|  |                          apps */ | ||||||
| }; | }; | ||||||
|  |  | ||||||
| struct hostname { | struct hostname { | ||||||
	 Daniel Stenberg
					Daniel Stenberg