aboutsummaryrefslogtreecommitdiff
path: root/lib/http_proxy.h
AgeCommit message (Collapse)Author
2016-11-24proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov
* HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-06-18FTP: fixed compiling with --disable-proxy, broken in b88f980aDan Fandrich
2015-06-17FTP: do the HTTP CONNECT for data connection blockingDaniel Stenberg
** WORK-AROUND ** The introduced non-blocking general behaviour for Curl_proxyCONNECT() didn't work for the data connection establishment unless it was very fast. The newly introduced function argument makes it operate in a more blocking manner, more like it used to work in the past. This blocking approach is only used when the FTP data connecting through HTTP proxy. Blocking like this is bad. A better fix would make it work more asynchronously. Bug: https://github.com/bagder/curl/issues/278
2014-03-05remote_port: allow connect to port 0Daniel Stenberg
Port number zero is perfectly allowed to connect to. I moved to storing the remote port number in an int so that -1 means undefined and 0-65535 can be used for legitimate port numbers.
2013-01-06Revert changes relative to lib/*.[ch] recent renamingYang Tse
This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2012-12-28build: rename 76 lib/*.h filesYang Tse
76 private header files renamed to use our standard naming scheme. This commit only does the file renaming. ---------------------------------------- renamed: amigaos.h -> curl_amigaos.h renamed: arpa_telnet.h -> curl_arpa_telnet.h renamed: asyn.h -> curl_asyn.h renamed: axtls.h -> curl_axtls.h renamed: bundles.h -> curl_bundles.h renamed: conncache.h -> curl_conncache.h renamed: connect.h -> curl_connect.h renamed: content_encoding.h -> curl_content_encoding.h renamed: cookie.h -> curl_cookie.h renamed: cyassl.h -> curl_cyassl.h renamed: dict.h -> curl_dict.h renamed: easyif.h -> curl_easyif.h renamed: escape.h -> curl_escape.h renamed: file.h -> curl_file.h renamed: fileinfo.h -> curl_fileinfo.h renamed: formdata.h -> curl_formdata.h renamed: ftp.h -> curl_ftp.h renamed: ftplistparser.h -> curl_ftplistparser.h renamed: getinfo.h -> curl_getinfo.h renamed: gopher.h -> curl_gopher.h renamed: gtls.h -> curl_gtls.h renamed: hash.h -> curl_hash.h renamed: hostcheck.h -> curl_hostcheck.h renamed: hostip.h -> curl_hostip.h renamed: http.h -> curl_http.h renamed: http_chunks.h -> curl_http_chunks.h renamed: http_digest.h -> curl_http_digest.h renamed: http_negotiate.h -> curl_http_negotiate.h renamed: http_proxy.h -> curl_http_proxy.h renamed: if2ip.h -> curl_if2ip.h renamed: imap.h -> curl_imap.h renamed: inet_ntop.h -> curl_inet_ntop.h renamed: inet_pton.h -> curl_inet_pton.h renamed: krb4.h -> curl_krb4.h renamed: llist.h -> curl_llist.h renamed: memdebug.h -> curl_memdebug.h renamed: multiif.h -> curl_multiif.h renamed: netrc.h -> curl_netrc.h renamed: non-ascii.h -> curl_non-ascii.h renamed: nonblock.h -> curl_nonblock.h renamed: nssg.h -> curl_nssg.h renamed: parsedate.h -> curl_parsedate.h renamed: pingpong.h -> curl_pingpong.h renamed: polarssl.h -> curl_polarssl.h renamed: pop3.h -> curl_pop3.h renamed: progress.h -> curl_progress.h renamed: qssl.h -> curl_qssl.h renamed: rawstr.h -> curl_rawstr.h renamed: rtsp.h -> curl_rtsp.h renamed: select.h -> curl_select.h renamed: sendf.h -> curl_sendf.h renamed: setup.h -> curl_setup.h renamed: setup_once.h -> curl_setup_once.h renamed: share.h -> curl_share.h renamed: slist.h -> curl_slist.h renamed: smtp.h -> curl_smtp.h renamed: sockaddr.h -> curl_sockaddr.h renamed: socks.h -> curl_socks.h renamed: speedcheck.h -> curl_speedcheck.h renamed: splay.h -> curl_splay.h renamed: ssh.h -> curl_ssh.h renamed: sslgen.h -> curl_sslgen.h renamed: ssluse.h -> curl_ssluse.h renamed: strdup.h -> curl_strdup.h renamed: strequal.h -> curl_strequal.h renamed: strerror.h -> curl_strerror.h renamed: strtok.h -> curl_strtok.h renamed: strtoofft.h -> curl_strtoofft.h renamed: telnet.h -> curl_telnet.h renamed: tftp.h -> curl_tftp.h renamed: timeval.h -> curl_timeval.h renamed: transfer.h -> curl_transfer.h renamed: url.h -> curl_url.h renamed: urldata.h -> curl_urldata.h renamed: warnless.h -> curl_warnless.h renamed: wildcard.h -> curl_wildcard.h ----------------------------------------
2012-03-22http_proxy.h: fix builds with proxy or http disabledYang Tse
2012-03-22CONNECT: fix multi interface regressionDaniel Stenberg
The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2011-05-24build: inclusion guardYang Tse
Enclose header file in an inclusion guard
2011-04-05Don't list NTLM in curl-config when HTTP is disabledDan Fandrich
Also, fixed Curl_proxyCONNECT() stub with HTTP disabled.
2011-04-05return code cleanup: build, init and run-time errorsDaniel Stenberg
Stop the abuse of CURLE_FAILED_INIT as return code for things not being init related by introducing two new return codes: CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION CURLE_NOT_BUILT_IN replaces return code 4 that has been obsoleted for several years. It is used for returning error when something is attempted to be used but the feature/option was not enabled or explictitly disabled at build-time. Getting this error mostly means that libcurl needs to be rebuilt. CURLE_FAILED_INIT is now saved and used strictly for init failures. Getting this problem means something went seriously wrong, like a resource shortage or similar. CURLE_UNKNOWN_OPTION is the option formerly known as CURLE_UNKNOWN_TELNET_OPTION (and the old name is still present, separately defined to be removed in a very distant future). This error code is meant to be used to return when an option is given to libcurl that isn't known. This problem would mostly indicate a problem in the program that uses libcurl.
2011-04-04http-proxy: move proxy code to http_proxy.cDaniel Stenberg
The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.