diff options
author | Jay Satiro <raysatiro@yahoo.com> | 2017-03-14 03:03:46 -0400 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-06-16 12:16:41 +0200 |
commit | 17c5d05285cfadb0e898c3231346fc29b23b0690 (patch) | |
tree | fffadcb4f7959b912f9c3d5965ae57e7ae726911 /lib | |
parent | f94fcdba6eae7c2f14cb207fc6008bdc79a86d62 (diff) |
HTTPS-Proxy: don't offer h2 for https proxy connections
Bug: https://github.com/curl/curl/issues/1254
Closes #1546
Diffstat (limited to 'lib')
-rw-r--r-- | lib/vtls/gtls.c | 3 | ||||
-rw-r--r-- | lib/vtls/nss.c | 3 | ||||
-rw-r--r-- | lib/vtls/openssl.c | 3 |
3 files changed, 6 insertions, 3 deletions
diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 844be2de1..cbbb61f76 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -763,7 +763,8 @@ gtls_connect_step1(struct connectdata *conn, gnutls_datum_t protocols[2]; #ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && + (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID; protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN; cur++; diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index cd0138930..0097caf01 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1992,7 +1992,8 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) unsigned char protocols[128]; #ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && + (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, NGHTTP2_PROTO_VERSION_ID_LEN); diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index dbee36929..11419f488 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2057,7 +2057,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) unsigned char protocols[128]; #ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && + (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, |