Download
Browse source Changelog
Documentation
Project   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users curl-announce curl-commits Book: Everything curl Report a bug Mail Etiquette
Development
Autobuilds Code Style Contribute Internals Release Notes Release Procedure Roadmap Run Tests Security Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail

curl-library

Force cURL to use GET on proxy for HTTPs requests

From: Benjamin Morel via curl-library <curl-library_at_cool.haxx.se>
Date: Tue, 5 Dec 2017 19:35:28 +0100

Hi guys. I'm trying to figure out why cURL imposes a limitation when
dealing with proxies.

Let's say I'm providing cURL with the following proxy:

http://localhost:8080

When I query an HTTP website, cURL performs a standard HTTP GET proxy
request, which can be cached by the proxy:

GET http://example.com/ HTTP/1.1

However, when querying an HTTPs website, cURL performs a CONNECT instead,
effectively using the proxy as a TCP tunnel, and preventing it from caching
the response:

CONNECT example.com:80 HTTP/1.1

As far as I can see, there is currently no way to force cURL to perform a
GET request for HTTPs websites.

This behaviour seems to be documented in HTTPS and proxy
<https://ec.haxx.se/usingcurl-proxies.html#https-and-proxy>:

> HTTPS was designed to allow and provide secure and safe end-to-end privacy
> from the client to the server (and back). In order to provide that when
> speaking to an HTTP proxy, the HTTP protocol has a special request that
> curl uses to setup a tunnel through the proxy that it then can encrypt and
> verify. This HTTP method is known as CONNECT.
> When the proxy tunnels encrypted data through to the remote server after a
> CONNECT method sets it up, the proxy cannot see nor modify the traffic
> without breaking the encryption.

While I understand the rationale behind this, I don't think it is always
good. For instance, I have a local proxy server (Apache Traffic Server)
that cannot be accessed from the network, only from localhost. This proxy
is used as a local cache for my application, when it needs to retrieve an
HTTP(s) resource multiple times.

In its current state, cURL forces my application to retrieve the HTTPS
resources every single time, bypassing the HTTP cache.

It would be nice to add a cURL option to force a GET request on the proxy,
even for https URLs:

GET https://example.com/ HTTP/1.1

This is perfectly legal.

*Did I miss something? Would you consider adding this feature to cURL?*

Many thanks,
Benjamin

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-12-05