cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: curl_easy_setopt for SSL proxy

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 26 Jan 2009 09:20:26 +0100 (CET)

On Sun, 25 Jan 2009, A. Craig West wrote:

> I believe what he is looking for is a way to specify a different proxy for
> each protocol separately, which is something I will need to implement
> eventually as well. The difficult thing would be dealing with possible
> future or optional protocols gracefully. I have thought of one possible
> implementation, if we make CURLOPT_PROXY a comma separated list of proxies,
> and if the proxy includes a protocol, use the proxy for that protocol only.
> An example would be: curl_easy_setopt(CURLOPT_PROXY,
> "https://sslproxy.com:8443,ftp://ftpproxy.com,defaultproxy.com"); Which
> would set up 3 proxies, one for https: urls, one for ftp: urls, and one for
> everything else... Authentication could complicate things, but you could
> also include user:password@ in the definition to deal with that. This has
> the advantage of not requiring new options for every protocol, but seems
> somewhat kludgy.

I thought about this some more and it struck me that this solution of
providing multiple proxies would still not be sufficient to cover all
imaginable scenarios.

First out, NO_PROXY could probably be different on different proxies. Then, we
have the chances of the proxies being different kinds! We want HTTP over a
HTTP proxy, but FTP we want over a socks4 while SCP always goes over
socks5-hostname... Then we even have different auth methods for the cases
where two protocols go over HTTP proxies but one of them is to use NTLM while
another is fine only with Digest...

And then we go back to the *actual* use-case I've seen in real-life many times
that certainly won't be covered either: PAC setups that send the broswer to
different proxies depending on the specific host name used in the URL...

I'm not sure if anything of this is worth bothering about, I just thought I
should mention this when we start to even consider a wider support for
"multiple" proxies.

-- 
  / daniel.haxx.se
Received on 2009-01-26