Download
Browse source Changelog
Documentation
Project   Bug Bounty   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   HTTP/2   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting Who and Why
libcurl
ABI API Competitors Examples Features Mailing list Related libs Using libcurl Tutorial Testimonials
Get Help
curl-library curl-users Mailing lists Book: Everything curl Video presentations Report a bug Paid support
Development
Autobuilds Code Style Contribute Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Security Process Specifications Test curl
News
Changelog Release table
curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Configuring a HttpsProxyTunnel

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 5 Dec 2019 19:51:26 +0100 (CET)

On Thu, 5 Dec 2019, Gael GUEGAN via curl-library wrote:

> I am new in using the libcurl, and I would like to make a secured tunnel
> through a proxy. But before, I would like to be sure that it is possible to
> make one using libcurl.

First, make sure that you're really talking about a HTTPS proxy and not just
doing HTTPS through HTTP proxy. A HTTPS proxy speaks HTTPS to the proxy, which
still is an unusual setup.

> I have seen that it exists the option CURLOPT_HTTPPROXYTUNNEL.

Yes, but when you speak HTTPS through a HTTP(S) proxy, that is implied.

> Would it be sufficient to configure curl with the following options too make
> my tunnel secure ?
>
>
> * CURLOPT_HTTPPROXYTUNNEL = 1L

Not necessary.

> * CURLOPT_PROXYTYPE=CURLPROXY_HTTPS

Double-check that you really mean HTTPS and not HTTP.

> * CURLOPT_PROXY_SSLCERT
> * CURLOPT_PROXY_SSLCERTTYPE
> * CURLOPT_PROXY_SSLKEY
> * CURLOPT_PROXY_SSLKEYTYPE

These are for using client certificates (sometimes called mTLS, for mutual
authentication). If you need that, then yes use these options.

> * CURLOPT_PROXY_CAPATH

If you need to specify a custom path for your HTTPS proxy connection, sure.

> * CURLOPT_PROXY_SSL_CIPHER_LIST

If you need to especially customized what ciphers you want to accept for your
HTTPS proxy connection, then this is the right option.

> Are all these options enough ?

No, because none of them sets the actual proxy host name. Most of the other
options are optional, not required. 

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-12-05