curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS proxy, another take

From: Thomas Glanzmann <thomas_at_glanzmann.de>
Date: Wed, 23 Nov 2016 23:52:12 +0100

Hello Daniel,

> Their work and some additional fixes exist in the HTTPS-proxy branch right
> now. I intend to merge that into master within days.

please do.

> If anyone objects or wants to do/check something before that happens,
> now is a great time!

I found the following bugs, we should fix:

        - If CURLOPT_PINNEDPUBLICKEY needs to be adopted to have one
          option for proxy and one for the https server. Currently
          CURLOPT_PINNEDPUBLICKEY applies for both.

        - I'm not able to access a https website through a https proxy
          with basic authentication (nginx ssl termination, squid with
          basic authentication):

(infra) [~/work/vlconnect] local/linux/bin/curl --proxy-cacert /etc/ssl/certs/ca-certificates.crt --cacert /etc/ssl/certs/ca-certificates.crt --proxy https://tg:password@proxy.glanzmann.de:443/ https://google.com
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.

To my knowledge I have not disabled any related feature.

However I can access a http website over a proxy.

(infra) [~/work/vlconnect] local/linux/bin/curl --proxy-cacert /etc/ssl/certs/ca-certificates.crt --insecure --proxy https://tg:password@proxy.glanzmann.de:443/ http://blog.fefe.de

With the same proxy without https proxy I can access a https website.

local/linux/bin/curl --cacert /etc/ssl/certs/ca-certificates.crt https://google.com

I use curl with mbedtls. Am I the only one having this problem. If someone
needs access to my proxy for reproducing the problem, drop me an email. My
proxy works fine with chrome and firefox.

Cheers,
        Thomas
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-23