curl-library
Re: HTTPS proxy, another take
Date: Wed, 23 Nov 2016 23:52:12 +0100
Hello Daniel,
> Their work and some additional fixes exist in the HTTPS-proxy branch right
> now. I intend to merge that into master within days.
please do.
> If anyone objects or wants to do/check something before that happens,
> now is a great time!
I found the following bugs, we should fix:
- If CURLOPT_PINNEDPUBLICKEY needs to be adopted to have one
option for proxy and one for the https server. Currently
CURLOPT_PINNEDPUBLICKEY applies for both.
- I'm not able to access a https website through a https proxy
with basic authentication (nginx ssl termination, squid with
basic authentication):
(infra) [~/work/vlconnect] local/linux/bin/curl --proxy-cacert /etc/ssl/certs/ca-certificates.crt --cacert /etc/ssl/certs/ca-certificates.crt --proxy https://tg:password@proxy.glanzmann.de:443/ https://google.com
curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
To my knowledge I have not disabled any related feature.
However I can access a http website over a proxy.
(infra) [~/work/vlconnect] local/linux/bin/curl --proxy-cacert /etc/ssl/certs/ca-certificates.crt --insecure --proxy https://tg:password@proxy.glanzmann.de:443/ http://blog.fefe.de
With the same proxy without https proxy I can access a https website.
local/linux/bin/curl --cacert /etc/ssl/certs/ca-certificates.crt https://google.com
I use curl with mbedtls. Am I the only one having this problem. If someone
needs access to my proxy for reproducing the problem, drop me an email. My
proxy works fine with chrome and firefox.
Cheers,
Thomas
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-23