aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2017-03-14 03:03:46 -0400
committerDaniel Stenberg <daniel@haxx.se>2017-06-16 12:16:41 +0200
commit17c5d05285cfadb0e898c3231346fc29b23b0690 (patch)
treefffadcb4f7959b912f9c3d5965ae57e7ae726911 /lib/vtls
parentf94fcdba6eae7c2f14cb207fc6008bdc79a86d62 (diff)
HTTPS-Proxy: don't offer h2 for https proxy connections
Bug: https://github.com/curl/curl/issues/1254 Closes #1546
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/gtls.c3
-rw-r--r--lib/vtls/nss.c3
-rw-r--r--lib/vtls/openssl.c3
3 files changed, 6 insertions, 3 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 844be2de1..cbbb61f76 100644
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -763,7 +763,8 @@ gtls_connect_step1(struct connectdata *conn,
gnutls_datum_t protocols[2];
#ifdef USE_NGHTTP2
- if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID;
protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN;
cur++;
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index cd0138930..0097caf01 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1992,7 +1992,8 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
unsigned char protocols[128];
#ifdef USE_NGHTTP2
- if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
NGHTTP2_PROTO_VERSION_ID_LEN);
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index dbee36929..11419f488 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2057,7 +2057,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
unsigned char protocols[128];
#ifdef USE_NGHTTP2
- if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,