1 files changed, 128 insertions, 10 deletions

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 1f89fbc00..3d254e1b5 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -230,6 +230,24 @@ static const struct LongShort aliases[]= {
   {"Er", "false-start",              FALSE},
   {"Es", "ssl-no-revoke",            FALSE},
   {"Et", "tcp-fastopen",             FALSE},
+  {"Eu", "proxy-tlsuser",            TRUE},
+  {"Ev", "proxy-tlspassword",        TRUE},
+  {"Ew", "proxy-tlsauthtype",        TRUE},
+  {"Ex", "proxy-cert",               TRUE},
+  {"Ey", "proxy-cert-type",          TRUE},
+  {"Ez", "proxy-key",                TRUE},
+  {"E0", "proxy-key-type",           TRUE},
+  {"E1", "proxy-pass",               TRUE},
+  {"E2", "proxy-ciphers",            TRUE},
+  {"E3", "proxy-crlfile",            TRUE},
+  {"E4", "proxy-ssl-allow-beast",    FALSE},
+  {"E5", "login-options",            TRUE},
+  {"E6", "proxy-cacert",             TRUE},
+  {"E7", "proxy-capath",             TRUE},
+  {"E8", "proxy-insecure",           FALSE},
+  {"E9", "proxy-tlsv1",              FALSE},
+  {"EA", "proxy-sslv2",              FALSE},
+  {"EB", "proxy-sslv3",              FALSE},
   {"f",  "fail",                     FALSE},
   {"fa", "fail-early",               FALSE},
   {"F",  "form",                     TRUE},
@@ -384,6 +402,20 @@ done:
   *certname_place = '\0';
 }
 
+static void
+GetFileAndPassword(char *nextarg, char **file, char **password)
+{
+  char *certname, *passphrase;
+  parse_cert_parameter(nextarg, &certname, &passphrase);
+  Curl_safefree(*file);
+  *file = certname;
+  if(passphrase) {
+    Curl_safefree(*password);
+    *password = passphrase;
+  }
+  cleanarg(nextarg);
+}
+
 ParameterError getparameter(char *flag,    /* f or -long-flag */
                             char *nextarg, /* NULL if unset */
                             bool *usedarg, /* set to TRUE if the arg
@@ -1334,6 +1366,9 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
     break;
     case 'E':
       switch(subletter) {
+      case '\0': /* certificate file */
+        GetFileAndPassword(nextarg, &config->cert, &config->key_passwd);
+        break;
       case 'a': /* CA info PEM file */
         /* CA info PEM file */
         GetStr(&config->cacert, nextarg);
@@ -1424,18 +1459,101 @@ ParameterError getparameter(char *flag,    /* f or -long-flag */
         config->tcp_fastopen = TRUE;
         break;
 
-      default: /* certificate file */
-      {
-        char *certname, *passphrase;
-        parse_cert_parameter(nextarg, &certname, &passphrase);
-        Curl_safefree(config->cert);
-        config->cert = certname;
-        if(passphrase) {
-          Curl_safefree(config->key_passwd);
-          config->key_passwd = passphrase;
+      case 'u': /* TLS username for proxy */
+        if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)
+          GetStr(&config->proxy_tls_username, nextarg);
+        else
+          return PARAM_LIBCURL_DOESNT_SUPPORT;
+        break;
+
+      case 'v': /* TLS password for proxy */
+        if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP)
+          GetStr(&config->proxy_tls_password, nextarg);
+        else
+          return PARAM_LIBCURL_DOESNT_SUPPORT;
+        break;
+
+      case 'w': /* TLS authentication type for proxy */
+        if(curlinfo->features & CURL_VERSION_TLSAUTH_SRP) {
+          GetStr(&config->proxy_tls_authtype, nextarg);
+          if(!curl_strequal(config->proxy_tls_authtype, "SRP"))
+            return PARAM_LIBCURL_DOESNT_SUPPORT; /* only support TLS-SRP */
         }
+        else
+          return PARAM_LIBCURL_DOESNT_SUPPORT;
+        break;
+
+      case 'x': /* certificate file for proxy */
+        GetFileAndPassword(nextarg, &config->proxy_cert,
+                           &config->proxy_key_passwd);
+        break;
+
+      case 'y': /* cert file type for proxy */
+        GetStr(&config->proxy_cert_type, nextarg);
+        break;
+
+      case 'z': /* private key file for proxy */
+        GetStr(&config->proxy_key, nextarg);
+        break;
+
+      case '0': /* private key file type for proxy */
+        GetStr(&config->proxy_key_type, nextarg);
+        break;
+
+      case '1': /* private key passphrase for proxy */
+        GetStr(&config->proxy_key_passwd, nextarg);
         cleanarg(nextarg);
-      }
+        break;
+
+      case '2': /* ciphers for proxy */
+        GetStr(&config->proxy_cipher_list, nextarg);
+        break;
+
+      case '3': /* CRL info PEM file for proxy */
+        /* CRL file */
+        GetStr(&config->proxy_crlfile, nextarg);
+        break;
+
+      case '4': /* no empty SSL fragments for proxy */
+        if(curlinfo->features & CURL_VERSION_SSL)
+          config->proxy_ssl_allow_beast = toggle;
+        break;
+
+      case '5': /* --login-options */
+        GetStr(&config->login_options, nextarg);
+        break;
+
+      case '6': /* CA info PEM file for proxy */
+        /* CA info PEM file */
+        GetStr(&config->proxy_cacert, nextarg);
+        break;
+
+      case '7': /* CA info PEM file for proxy */
+        /* CA cert directory */
+        GetStr(&config->proxy_capath, nextarg);
+        break;
+
+      case '8': /* allow insecure SSL connects for proxy */
+        config->proxy_insecure_ok = toggle;
+        break;
+
+      case '9':
+        /* TLS version 1 for proxy */
+        config->proxy_ssl_version = CURL_SSLVERSION_TLSv1;
+        break;
+
+      case 'A':
+        /* SSL version 2 for proxy */
+        config->proxy_ssl_version = CURL_SSLVERSION_SSLv2;
+        break;
+
+      case 'B':
+        /* SSL version 3 for proxy */
+        config->proxy_ssl_version = CURL_SSLVERSION_SSLv3;
+        break;
+
+      default: /* unknown flag */
+        return PARAM_OPTION_UNKNOWN;
       }
       break;
     case 'f':