Fetching a URL with an embedded user and password when both the http_proxy and
no_proxy environment variables are set doesn't work correctly. For example:

$ export http_proxy=http://localhost:3128/
$ export no_proxy=192.168.1.1

This works as expected:

$ curl -v http://192.168.1.1/
* About to connect() to 192.168.1.1 port 80 (#0)

but this attempts to go through the proxy anyway:

$ curl -v http://u:p@192.168.1.1/
* About to connect() to proxy localhost port 3128 (#0)

I think the cause is the order of operations in create_conn(), which does
proxy detection before removing the user and password from conn->host.name.

The attached patch reorders the code to fix it. The reasoning behind this is:

1. ParseURLAndFillConnection() fills in conn->protostr and may also do
   conn->protocol |= PROT_MISSING
2. setup_connection_internals() uses conn->protostr and sets conn->protocol
3. parse_url_userpass() needs conn->protocol

so the patch keeps these in the same order, but moves them before proxy
detection so that proxy detection gets the conn->host.name altered by
parse_url_userpass().

This problem came up on the #curl IRC channel.

James