curl-library
Re: HTTPS proxy, another take
Date: Thu, 24 Nov 2016 06:47:23 +0100
Hello Daniel,
> Right. Focus should first be to make sure everything *existing*
> remains functional but then we should just start working on fixing the
> bugs in the HTTPS proxy functionality. Having the code in the master
> branch will make it easier to do that I think.
I tested it during the last week. And least for me no issues came up.
> You mean you can access a HTTP site over the HTTPS proxy?
that is true.
> In issue #1127 they do state: "Supported backends: OpenSSL, GnuTLS, and
> NSS". I suppose that might mean that those are the only backends that
> support HTTPS over HTTPS. Maybe they could help clarify that?
I see. I tried with openssl.
> Since we have this "only supported with" - situation, I think we should
> expose that with a feature bit for the curl_version_info() function so that
> applications can actually figure out if it is supposed to work or not.
That would be helpful.
> I would love to get access to let me try out HTTPS proxy stuff easier.
> I'll shoot you an email privately about it.
I send you an email offlist with credentials.
I found two other issues:
- If I specify the proxy as
https://daniel:password@proxy.glanzmann.de/ it assumes port
1080 (socks). I think we should change the default port number
to 443. Or is there another reasonable port number for https
proxies?
- If curl does not trust the https proxy cert, it tells me:
(infra) [~/work/vlconnect] local/linux/bin/curl --cacert /etc/ssl/certs/ca-certificates.crt --insecure --proxy https://daniel:aa3ge5Ai@proxy.glanzmann.de:443/ http://blog.fefe.de
curl: (51) Cert verify failed: BADCERT_NOT_TRUSTED
Maybe we should make clear to the user that the ssl cert of the
proxy is not trusted. Because that might be confusing for users
who have for example an environment variable set and forgot
about it, as I did.
Daniel, where should we track the issues with https proxy? In github
once it is merged?
Cheers,
Thomas
-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-24