moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
curl/lib/http_proxy.c

687 lines
22 KiB
C
Raw Normal View History

http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
http_proxy: avoid freeing static memory Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
2017-02-09 04:13:28 -05:00
* Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
URLs: change all http:// URLs to https://
2016-02-02 18:19:02 -05:00
* are also available at https://curl.haxx.se/docs/copyright.html.
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
build: fix circular header inclusion with other packages This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-06 13:06:49 -05:00
#include "curl_setup.h"
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http_proxy: fix compiler warning With CURL_DISABLE_PROXY or CURL_DISABLE_HTTP, GCC complained about a missing prototype for Curl_connect_free.
2017-06-18 06:53:54 -04:00
#include "http_proxy.h"
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
#include <curl/curl.h>
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-03 20:50:28 -05:00
#include "sendf.h"
#include "http.h"
#include "url.h"
#include "select.h"
#include "progress.h"
#include "non-ascii.h"
#include "connect.h"
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
#include "curlx.h"
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
#include "vtls/vtls.h"
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
lib: include curl_printf.h as one of the last headers curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-29 09:46:40 -04:00
/* The last 3 #include files should be in this order */
#include "curl_printf.h"
mem-include-scan: verify memory #includes If we use memory functions (malloc, free, strdup etc) in C sources in libcurl and we fail to include curl_memory.h or memdebug.h we either fail to properly support user-provided memory callbacks or the memory leak system of the test suite fails. After Ajit's report of a failure in the first category in http_proxy.c, I spotted a few in the second category as well. These problems are now tested for by test 1132 which runs a perl program that scans for and attempts to check that we use the correct include files if a memory related function is used in the source code. Reported by: Ajit Dhumale Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html
2012-11-16 18:59:42 -05:00
#include "curl_memory.h"
Revert changes relative to lib/*.[ch] recent renaming This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-03 20:50:28 -05:00
#include "memdebug.h"
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
/*
* Perform SSL initialization for HTTPS proxy. Sets
* proxy_ssl_connected connection bit when complete. Can be
* called multiple times.
*/
static CURLcode https_proxy_connect(struct connectdata *conn, int sockindex)
{
#ifdef USE_SSL
CURLcode result = CURLE_OK;
DEBUGASSERT(conn->http_proxy.proxytype == CURLPROXY_HTTPS);
if(!conn->bits.proxy_ssl_connected[sockindex]) {
/* perform SSL initialization for this socket */
result =
Curl_ssl_connect_nonblocking(conn, sockindex,
&conn->bits.proxy_ssl_connected[sockindex]);
if(result)
conn->bits.close = TRUE; /* a failed connection is marked for closure to
prevent (bad) re-use or similar */
}
return result;
#else
HTTPS-proxy: fixed mbedtls and polishing
2016-11-21 05:01:25 -05:00
(void) conn;
(void) sockindex;
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
return CURLE_NOT_BUILT_IN;
#endif
}
CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
{
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
const CURLcode result = https_proxy_connect(conn, sockindex);
if(result)
return result;
if(!conn->bits.proxy_ssl_connected[sockindex])
return result; /* wait for HTTPS proxy SSL initialization to complete */
}
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
#ifndef CURL_DISABLE_PROXY
/* for [protocol] tunneled through HTTP proxy */
struct HTTP http_proxy;
void *prot_save;
news: CURLOPT_CONNECT_TO and --connect-to Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-01-25 08:37:24 -05:00
const char *hostname;
int remote_port;
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
CURLcode result;
/* BLOCKING */
/* We want "seamless" operations through HTTP proxy tunnel */
/* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
* member conn->proto.http; we want [protocol] through HTTP and we have
* to change the member temporarily for connecting to the HTTP
* proxy. After Curl_proxyCONNECT we have to set back the member to the
* original pointer
http-proxy: keep CONNECT connections alive (for NTLM) When doing CONNECT requests, libcurl must make sure the connection is alive as much as possible. NTLM requires it and it is generally good for other cases as well. NTLM over CONNECT requests has been broken since this regression I introduced in my CONNECT cleanup commits that started with 41b02378342, included since 7.25.0. Bug: http://curl.haxx.se/bug/view.cgi?id=3538625 Reported by: Marcel Raad
2012-07-05 05:10:50 -04:00
*
* This function might be called several times in the multi interface case
proxy: fix hostname resolution and IDN conversion Properly resolve, convert and log the proxy host names. Support the "--connect-to" feature for SOCKS proxies and for passive FTP data transfers. Follow-up to cb4e2be Reported-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1248
2017-02-18 07:56:56 -05:00
* if the proxy's CONNECT response is not instant.
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
*/
SessionHandle: the protocol specific pointer is now a void * All protocol handler structs are now opaque (void *) in the SessionHandle struct and moved in the request-specific sub-struct 'SingleRequest'. The intension is to keep the protocol specific knowledge in their own dedicated source files [protocol].c etc. There's some "leakage" where this policy is violated, to be addressed at a later point in time.
2013-08-05 04:32:08 -04:00
prot_save = conn->data->req.protop;
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
memset(&http_proxy, 0, sizeof(http_proxy));
SessionHandle: the protocol specific pointer is now a void * All protocol handler structs are now opaque (void *) in the SessionHandle struct and moved in the request-specific sub-struct 'SingleRequest'. The intension is to keep the protocol specific knowledge in their own dedicated source files [protocol].c etc. There's some "leakage" where this policy is violated, to be addressed at a later point in time.
2013-08-05 04:32:08 -04:00
conn->data->req.protop = &http_proxy;
bits.close: introduce connection close tracking Make all code use connclose() and connkeep() when changing the "close state" for a connection. These two macros take a string argument with an explanation, and debug builds of curl will include that in the debug output. Helps tracking connection re-use/close issues.
2014-05-20 04:32:23 -04:00
connkeep(conn, "HTTP proxy CONNECT");
proxy: fix hostname resolution and IDN conversion Properly resolve, convert and log the proxy host names. Support the "--connect-to" feature for SOCKS proxies and for passive FTP data transfers. Follow-up to cb4e2be Reported-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1248
2017-02-18 07:56:56 -05:00
/* for the secondary socket (FTP), use the "connect to host"
* but ignore the "connect to port" (use the secondary port)
*/
if(conn->bits.conn_to_host)
news: CURLOPT_CONNECT_TO and --connect-to Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-01-25 08:37:24 -05:00
hostname = conn->conn_to_host.name;
proxy: fix hostname resolution and IDN conversion Properly resolve, convert and log the proxy host names. Support the "--connect-to" feature for SOCKS proxies and for passive FTP data transfers. Follow-up to cb4e2be Reported-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1248
2017-02-18 07:56:56 -05:00
else if(sockindex == SECONDARYSOCKET)
hostname = conn->secondaryhostname;
news: CURLOPT_CONNECT_TO and --connect-to Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-01-25 08:37:24 -05:00
else
hostname = conn->host.name;
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
if(sockindex == SECONDARYSOCKET)
remote_port = conn->secondary_port;
else if(conn->bits.conn_to_port)
news: CURLOPT_CONNECT_TO and --connect-to Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-01-25 08:37:24 -05:00
remote_port = conn->conn_to_port;
else
remote_port = conn->remote_port;
http-proxy: remove unused argument from Curl_proxyCONNECT()
2017-04-25 18:34:22 -04:00
result = Curl_proxyCONNECT(conn, sockindex, hostname, remote_port);
SessionHandle: the protocol specific pointer is now a void * All protocol handler structs are now opaque (void *) in the SessionHandle struct and moved in the request-specific sub-struct 'SingleRequest'. The intension is to keep the protocol specific knowledge in their own dedicated source files [protocol].c etc. There's some "leakage" where this policy is violated, to be addressed at a later point in time.
2013-08-05 04:32:08 -04:00
conn->data->req.protop = prot_save;
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
if(CURLE_OK != result)
return result;
multi: fix *getsock() with CONNECT The code used some happy eyeballs logic even _after_ CONNECT has been sent to a proxy, while the happy eyeball phase is already (should be) over by then. This is solved by splitting the multi state into two separate states introducing the new SENDPROTOCONNECT state. Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html Reported-by: Peter Laser
2015-02-11 17:18:32 -05:00
Curl_safefree(conn->allocptr.proxyuserpwd);
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
#else
return CURLE_NOT_BUILT_IN;
#endif
}
/* no HTTP tunnel proxy, just return */
return CURLE_OK;
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
bool Curl_connect_complete(struct connectdata *conn)
{
http-proxy: when not doing CONNECT, that phase is done immediately `conn->connect_state` is NULL when doing a regular non-CONNECT request over the proxy and should therefor be considered complete at once. Fixes #1853 Closes #1862 Reported-by: Lawrence Wagerfield
2017-09-04 17:43:05 -04:00
return !conn->connect_state ||
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
(conn->connect_state->tunnel_state == TUNNEL_COMPLETE);
}
bool Curl_connect_ongoing(struct connectdata *conn)
{
return conn->connect_state &&
(conn->connect_state->tunnel_state != TUNNEL_COMPLETE);
}
static CURLcode connect_init(struct connectdata *conn, bool reinit)
{
struct http_connect_state *s;
if(!reinit) {
DEBUGASSERT(!conn->connect_state);
s = calloc(1, sizeof(struct http_connect_state));
if(!s)
return CURLE_OUT_OF_MEMORY;
infof(conn->data, "allocate connect buffer!\n");
conn->connect_state = s;
}
else {
DEBUGASSERT(conn->connect_state);
s = conn->connect_state;
}
s->tunnel_state = TUNNEL_INIT;
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
s->keepon = TRUE;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->line_start = s->connect_buffer;
s->ptr = s->line_start;
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
s->cl = 0;
CONNECT: keep close connection flag in http_connect_state struct Fixes #2088 Closes #2157
2017-12-05 22:15:31 -05:00
s->close_connection = FALSE;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
return CURLE_OK;
}
static void connect_done(struct connectdata *conn)
{
struct http_connect_state *s = conn->connect_state;
s->tunnel_state = TUNNEL_COMPLETE;
infof(conn->data, "CONNECT phase completed!\n");
}
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http-proxy: use a dedicated CONNECT response buffer To make it suitably independent of the receive buffer and its flexible size.
2017-04-24 19:03:17 -04:00
static CURLcode CONNECT(struct connectdata *conn,
int sockindex,
const char *hostname,
int remote_port)
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
{
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
int subversion = 0;
struct Curl_easy *data = conn->data;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
struct SingleRequest *k = &data->req;
CURLcode result;
curl_socket_t tunnelsocket = conn->sock[sockindex];
timeleft: made two more users of Curl_timeleft use timediff_t
2017-10-29 08:13:23 -04:00
timediff_t check;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
struct http_connect_state *s = conn->connect_state;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
#define SELECT_OK 0
#define SELECT_ERROR 1
#define SELECT_TIMEOUT 2
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(Curl_connect_complete(conn))
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
return CURLE_OK; /* CONNECT is already completed */
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
conn->bits.proxy_connect_closed = FALSE;
do {
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(TUNNEL_INIT == s->tunnel_state) {
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
/* BEGIN CONNECT PHASE */
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
char *host_port;
Curl_send_buffer *req_buffer;
infof(data, "Establish HTTP proxy tunnel to %s:%hu\n",
hostname, remote_port);
/* This only happens if we've looped here due to authentication
reasons, and we don't really use the newly cloned URL here
then. Just free() it. */
Bug #149: Deletion of unnecessary checks before calls of the function "free" The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-11 12:41:01 -04:00
free(data->req.newurl);
data->req.newurl = NULL;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
/* initialize a dynamic send-buffer */
req_buffer = Curl_add_buffer_init();
if(!req_buffer)
return CURLE_OUT_OF_MEMORY;
host_port = aprintf("%s:%hu", hostname, remote_port);
if(!host_port) {
http2: separate multiplex/pipelining + cleanup memory leaks
2015-05-08 08:42:59 -04:00
Curl_add_buffer_free(req_buffer);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
return CURLE_OUT_OF_MEMORY;
}
/* Setup the proxy-authorization header, if any */
result = Curl_http_output_auth(conn, "CONNECT", host_port, TRUE);
CONNECT: send correct Host: with IPv6 numerical address When the target host was given as a IPv6 numerical address, it was not properly put within square brackets for the Host: header in the CONNECT request. The "normal" request did fine. Reported by: "zooloo" Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
2012-01-31 16:52:10 -05:00
free(host_port);
code cleanup: we prefer 'CURLcode result' ... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-23 16:56:35 -04:00
if(!result) {
http_proxy: avoid freeing static memory Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
2017-02-09 04:13:28 -05:00
char *host = NULL;
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
const char *proxyconn = "";
const char *useragent = "";
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-11-16 12:49:15 -05:00
const char *http = (conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0) ?
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
"1.0" : "1.1";
news: CURLOPT_CONNECT_TO and --connect-to Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-01-25 08:37:24 -05:00
bool ipv6_ip = conn->bits.ipv6_ip;
char *hostheader;
/* the hostname may be different */
if(hostname != conn->host.name)
ipv6_ip = (strchr(hostname, ':') != NULL);
code style: use spaces around equals signs
2017-09-09 17:09:06 -04:00
hostheader = /* host:port with IPv6 support */
news: CURLOPT_CONNECT_TO and --connect-to Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-01-25 08:37:24 -05:00
aprintf("%s%s%s:%hu", ipv6_ip?"[":"", hostname, ipv6_ip?"]":"",
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
remote_port);
http_proxy.c: fix OOM handling
2012-03-16 15:11:22 -04:00
if(!hostheader) {
http2: separate multiplex/pipelining + cleanup memory leaks
2015-05-08 08:42:59 -04:00
Curl_add_buffer_free(req_buffer);
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
return CURLE_OUT_OF_MEMORY;
http_proxy.c: fix OOM handling
2012-03-16 15:11:22 -04:00
}
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
CURLOPT_PROXYHEADER: set headers for proxy-only Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal
2014-01-31 02:10:07 -05:00
if(!Curl_checkProxyheaders(conn, "Host:")) {
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
host = aprintf("Host: %s\r\n", hostheader);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
if(!host) {
http_proxy.c: fix OOM handling
2012-03-16 15:11:22 -04:00
free(hostheader);
http2: separate multiplex/pipelining + cleanup memory leaks
2015-05-08 08:42:59 -04:00
Curl_add_buffer_free(req_buffer);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
return CURLE_OUT_OF_MEMORY;
}
}
Revert "Proxy-Connection: stop sending this header by default" This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
2016-08-16 02:36:04 -04:00
if(!Curl_checkProxyheaders(conn, "Proxy-Connection:"))
proxyconn = "Proxy-Connection: Keep-Alive\r\n";
CURLOPT_PROXYHEADER: set headers for proxy-only Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal
2014-01-31 02:10:07 -05:00
if(!Curl_checkProxyheaders(conn, "User-Agent:") &&
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
data->set.str[STRING_USERAGENT])
useragent = conn->allocptr.uagent;
result =
Curl_add_bufferf(req_buffer,
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
"CONNECT %s HTTP/%s\r\n"
"%s" /* Host: */
"%s" /* Proxy-Authorization */
Revert "Proxy-Connection: stop sending this header by default" This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
2016-08-16 02:36:04 -04:00
"%s" /* User-Agent */
"%s", /* Proxy-Connection */
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
hostheader,
http,
http_proxy: avoid freeing static memory Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
2017-02-09 04:13:28 -05:00
host?host:"",
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
conn->allocptr.proxyuserpwd?
conn->allocptr.proxyuserpwd:"",
Revert "Proxy-Connection: stop sending this header by default" This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
2016-08-16 02:36:04 -04:00
useragent,
proxyconn);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http_proxy: Fix tiny memory leak upon edge case connecting to proxy Fixes #1255
2017-02-08 13:14:36 -05:00
if(host)
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
free(host);
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
free(hostheader);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
code cleanup: we prefer 'CURLcode result' ... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-23 16:56:35 -04:00
if(!result)
CURLOPT_PROXYHEADER: set headers for proxy-only Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal
2014-01-31 02:10:07 -05:00
result = Curl_add_custom_headers(conn, TRUE, req_buffer);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
code cleanup: we prefer 'CURLcode result' ... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-23 16:56:35 -04:00
if(!result)
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
/* CRLF terminate the request */
result = Curl_add_bufferf(req_buffer, "\r\n");
code cleanup: we prefer 'CURLcode result' ... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-23 16:56:35 -04:00
if(!result) {
CONNECT: fix ipv6 address in the Request-Line Commit 466150bc64d fixed the Host: header with CONNECT, but I then forgot the preceeding request-line. Now this too uses [brackets] properly if a ipv6 numerical address was given. Bug: http://curl.haxx.se/bug/view.cgi?id=3493129 Reported by: "Blacat"
2012-02-24 17:33:14 -05:00
/* Send the connect request to the proxy */
/* BLOCKING */
source cleanup: unify look, style and indent levels By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-20 09:17:42 -04:00
result =
Curl_add_buffer_send(req_buffer, conn,
&data->info.request_size, 0, sockindex);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
req_buffer = NULL;
if(result)
failf(data, "Failed sending CONNECT to proxy");
}
CONNECT: send correct Host: with IPv6 numerical address When the target host was given as a IPv6 numerical address, it was not properly put within square brackets for the Host: header in the CONNECT request. The "normal" request did fine. Reported by: "zooloo" Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
2012-01-31 16:52:10 -05:00
http2: separate multiplex/pipelining + cleanup memory leaks
2015-05-08 08:42:59 -04:00
Curl_add_buffer_free(req_buffer);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
if(result)
return result;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->tunnel_state = TUNNEL_CONNECT;
http-proxy: deal with EAGAIN ... the previous code would reset the header length wrongly (since 5113ad0424). This makes test 1060 reliable again. Also: make sws send even smaller chunks of data to increase the likeliness of this happening.
2017-06-16 11:20:43 -04:00
s->perline = 0;
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
} /* END CONNECT PHASE */
check = Curl_timeleft(data, NULL, TRUE);
if(check <= 0) {
failf(data, "Proxy CONNECT aborted due to timeout");
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
return CURLE_OPERATION_TIMEDOUT;
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
}
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http-proxy: remove unused argument from Curl_proxyCONNECT()
2017-04-25 18:34:22 -04:00
if(!Curl_conn_data_pending(conn, sockindex))
/* return so we'll be called again polling-style */
return CURLE_OK;
Curl_proxyCONNECT: return once CONNECT is sent By doing this unconditionally, we infer a simpler and more defined behavior. This also has the upside that test 1021 no longer fails for me even if I run with valgrind. Also fixed some wrong comments.
2013-02-05 17:01:50 -05:00
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
/* at this point, the tunnel_connecting phase is over. */
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
{ /* READING RESPONSE PHASE */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
int error = SELECT_OK;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
while(s->keepon && !error) {
ssize_t gotbytes;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
/* make sure we have space to read more data */
if(s->ptr >= &s->connect_buffer[CONNECT_BUFFER_SIZE]) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
failf(data, "CONNECT response too large!");
return CURLE_RECV_ERROR;
}
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* Read one byte at a time to avoid a race condition. Wait at most one
second before looping to ensure continuous pgrsUpdates. */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
result = Curl_read(conn, tunnelsocket, s->ptr, 1, &gotbytes);
if(result == CURLE_AGAIN)
/* socket buffer drained, return */
return CURLE_OK;
if(Curl_pgrsUpdate(conn))
return CURLE_ABORTED_BY_CALLBACK;
Improve code readbility ... by removing the else branch after a return, break or continue. Closes #1310
2017-03-10 08:28:37 -05:00
if(result) {
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = FALSE;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
break;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
}
else if(gotbytes <= 0) {
if(data->set.proxyauth && data->state.authproxy.avail) {
/* proxy auth was requested and there was proxy auth available,
then deem this as "mere" proxy disconnect */
conn->bits.proxy_connect_closed = TRUE;
infof(data, "Proxy CONNECT connection closed\n");
CONNECT: read responses one byte at a time ... so that it doesn't read data that is actually coming from the remote. 2xx responses have no body from the proxy, that data is from the peer. Fixes #1132
2016-11-29 18:09:13 -05:00
}
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
else {
error = SELECT_ERROR;
failf(data, "Proxy CONNECT aborted");
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = FALSE;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
break;
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(s->keepon > TRUE) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* This means we are currently ignoring a response-body */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->ptr = s->connect_buffer;
if(s->cl) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* A Content-Length based body: simply count down the counter
and make sure to break out of the loop when we're done! */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->cl--;
if(s->cl <= 0) {
s->keepon = FALSE;
s->tunnel_state = TUNNEL_COMPLETE;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
break;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
}
else {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* chunked-encoded body, so we need to do the chunked dance
properly to know when the end of the body is reached */
CHUNKcode r;
ssize_t tookcareof = 0;
/* now parse the chunked piece of data so that we can
properly tell when the stream ends */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
r = Curl_httpchunk_read(conn, s->ptr, 1, &tookcareof);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if(r == CHUNKE_STOP) {
/* we're done reading chunks! */
infof(data, "chunk reading DONE\n");
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = FALSE;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* we did the full CONNECT treatment, go COMPLETE */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->tunnel_state = TUNNEL_COMPLETE;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
}
}
continue;
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->perline++; /* amount of bytes in this line so far */
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* if this is not the end of a header line then continue */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(*s->ptr != 0x0a) {
s->ptr++;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
continue;
}
/* convert from the network encoding */
http_proxy: fix build error for CURL_DOES_CONVERSIONS Closes https://github.com/curl/curl/pull/1793
2017-08-16 11:33:33 -04:00
result = Curl_convert_from_network(data, s->line_start,
(size_t)s->perline);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* Curl_convert_from_network calls failf if unsuccessful */
if(result)
return result;
/* output debug if that is requested */
if(data->set.verbose)
Curl_debug(data, CURLINFO_HEADER_IN,
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->line_start, (size_t)s->perline, conn);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS - Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2016-04-28 05:33:25 -04:00
if(!data->set.suppress_connect_headers) {
/* send the header to the callback */
int writetype = CLIENTWRITE_HEADER;
if(data->set.include_header)
writetype |= CLIENTWRITE_BODY;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
result = Curl_client_write(conn, writetype,
s->line_start, s->perline);
url: add option CURLOPT_SUPPRESS_CONNECT_HEADERS - Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2016-04-28 05:33:25 -04:00
if(result)
return result;
}
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
data->info.header_size += (long)s->perline;
data->req.headerbytecount += (long)s->perline;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* Newlines are CRLF, so the CR is ignored as the line isn't
really terminated until the LF comes. Treat a following CR
as end-of-headers as well.*/
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(('\r' == s->line_start[0]) ||
('\n' == s->line_start[0])) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* end of response-headers from the proxy */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->ptr = s->connect_buffer;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if((407 == k->httpcode) && !data->state.authproblem) {
/* If we get a 407 response code with content length
when we have no auth problem, we must ignore the
whole response-body */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = 2;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(s->cl) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
infof(data, "Ignore %" CURL_FORMAT_CURL_OFF_T
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
" bytes of response-body\n", s->cl);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
}
http-proxy: fix chunked-encoded CONNECT responses Regression since 5113ad0424. ... and remove 'flaky' from test 1061 again Closes #1579
2017-06-16 11:30:39 -04:00
else if(s->chunked_encoding) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
CHUNKcode r;
infof(data, "Ignore chunked response-body\n");
/* We set ignorebody true here since the chunked
decoder function will acknowledge that. Pay
attention so that this is cleared again when this
function returns! */
k->ignorebody = TRUE;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(s->line_start[1] == '\n') {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* this can only be a LF if the letter at index 0
was a CR */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->line_start++;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* now parse the chunked piece of data so that we can
properly tell when the stream ends */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
r = Curl_httpchunk_read(conn, s->line_start + 1, 1, &gotbytes);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if(r == CHUNKE_STOP) {
/* we're done reading chunks! */
infof(data, "chunk reading DONE\n");
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = FALSE;
/* we did the full CONNECT treatment, go to COMPLETE */
s->tunnel_state = TUNNEL_COMPLETE;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
}
http_proxy: simplify CONNECT response reading Since it now reads responses one byte a time, a loop could be removed and it is no longer limited to get the whole response within 16K, it is now instead only limited to 16K maximum header line lengths.
2016-11-29 18:31:23 -05:00
else {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
/* without content-length or chunked encoding, we
can't keep the connection alive since the close is
the end signal so we bail out at once instead */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = FALSE;
http_proxy: simplify CONNECT response reading Since it now reads responses one byte a time, a loop could be removed and it is no longer limited to get the whole response within 16K, it is now instead only limited to 16K maximum header line lengths.
2016-11-29 18:31:23 -05:00
}
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
else
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->keepon = FALSE;
if(!s->cl)
/* we did the full CONNECT treatment, go to COMPLETE */
s->tunnel_state = TUNNEL_COMPLETE;
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
continue;
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->line_start[s->perline] = 0; /* zero terminate the buffer */
if((checkprefix("WWW-Authenticate:", s->line_start) &&
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
(401 == k->httpcode)) ||
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
(checkprefix("Proxy-authenticate:", s->line_start) &&
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
(407 == k->httpcode))) {
bool proxy = (k->httpcode == 407) ? TRUE : FALSE;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
char *auth = Curl_copy_header_value(s->line_start);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if(!auth)
return CURLE_OUT_OF_MEMORY;
result = Curl_http_input_auth(conn, proxy, auth);
free(auth);
if(result)
return result;
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
else if(checkprefix("Content-Length:", s->line_start)) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if(k->httpcode/100 == 2) {
http_proxy: Ignore TE and CL in CONNECT 2xx responses A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:21:31 -05:00
/* A client MUST ignore any Content-Length or Transfer-Encoding
header fields received in a successful response to CONNECT.
"Successful" described as: 2xx (Successful). RFC 7231 4.3.6 */
infof(data, "Ignoring Content-Length in CONNECT %03d response\n",
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
k->httpcode);
}
http_proxy: Ignore TE and CL in CONNECT 2xx responses A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:21:31 -05:00
else {
strtoofft: reduce integer overflow risks globally ... make sure we bail out on overflows. Reported-by: Brian Carpenter Closes #1758
2017-08-14 17:33:23 -04:00
(void)curlx_strtoofft(s->line_start +
strlen("Content-Length:"), NULL, 10, &s->cl);
http_proxy: Ignore TE and CL in CONNECT 2xx responses A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:21:31 -05:00
}
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
else if(Curl_compareheader(s->line_start, "Connection:", "close"))
CONNECT: keep close connection flag in http_connect_state struct Fixes #2088 Closes #2157
2017-12-05 22:15:31 -05:00
s->close_connection = TRUE;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
else if(checkprefix("Transfer-Encoding:", s->line_start)) {
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if(k->httpcode/100 == 2) {
http_proxy: Ignore TE and CL in CONNECT 2xx responses A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:21:31 -05:00
/* A client MUST ignore any Content-Length or Transfer-Encoding
header fields received in a successful response to CONNECT.
"Successful" described as: 2xx (Successful). RFC 7231 4.3.6 */
infof(data, "Ignoring Transfer-Encoding in "
"CONNECT %03d response\n", k->httpcode);
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
else if(Curl_compareheader(s->line_start,
http_proxy: Ignore TE and CL in CONNECT 2xx responses A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:21:31 -05:00
"Transfer-Encoding:", "chunked")) {
infof(data, "CONNECT responded chunked\n");
http-proxy: fix chunked-encoded CONNECT responses Regression since 5113ad0424. ... and remove 'flaky' from test 1061 again Closes #1579
2017-06-16 11:30:39 -04:00
s->chunked_encoding = TRUE;
http_proxy: Ignore TE and CL in CONNECT 2xx responses A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11 18:21:31 -05:00
/* init our chunky engine */
Curl_httpchunk_init(conn);
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
}
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
else if(Curl_compareheader(s->line_start,
"Proxy-Connection:", "close"))
CONNECT: keep close connection flag in http_connect_state struct Fixes #2088 Closes #2157
2017-12-05 22:15:31 -05:00
s->close_connection = TRUE;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
else if(2 == sscanf(s->line_start, "HTTP/1.%d %d",
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
&subversion,
&k->httpcode)) {
/* store the HTTP code from the proxy */
data->info.httpproxycode = k->httpcode;
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->perline = 0; /* line starts over here */
s->ptr = s->connect_buffer;
s->line_start = s->ptr;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
} /* while there's buffer left and loop is requested */
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
if(Curl_pgrsUpdate(conn))
return CURLE_ABORTED_BY_CALLBACK;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
if(error)
return CURLE_RECV_ERROR;
http-proxy: treat all 2xx as CONNECT success Added test 1904 to verify. Reported-by: Lawrence Wagerfield Fixes #1859 Closes #1860
2017-09-04 04:45:02 -04:00
if(data->info.httpproxycode/100 != 2) {
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
/* Deal with the possibly already received authenticate
headers. 'newurl' is set to a new URL if we must loop. */
result = Curl_http_auth_act(conn);
if(result)
return result;
if(conn->bits.close)
/* the connection has been marked for closure, most likely in the
Curl_http_auth_act() function and thus we can kill it at once
http_proxy: Fix proxy CONNECT hang on pending data - Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-08 16:32:36 -05:00
below */
CONNECT: keep close connection flag in http_connect_state struct Fixes #2088 Closes #2157
2017-12-05 22:15:31 -05:00
s->close_connection = TRUE;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
CONNECT: keep close connection flag in http_connect_state struct Fixes #2088 Closes #2157
2017-12-05 22:15:31 -05:00
if(s->close_connection && data->req.newurl) {
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
/* Connection closed by server. Don't use it anymore */
CLOSESOCKETFUNCTION: added Introduced the initial setup to allow closesocket callbacks by making sure sclose() is only ever called from one place in the libcurl source and still run all test cases fine.
2011-05-16 17:46:43 -04:00
Curl_closesocket(conn, conn->sock[sockindex]);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
conn->sock[sockindex] = CURL_SOCKET_BAD;
break;
}
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
} /* END READING RESPONSE PHASE */
http-proxy: keep CONNECT connections alive (for NTLM) When doing CONNECT requests, libcurl must make sure the connection is alive as much as possible. NTLM requires it and it is generally good for other cases as well. NTLM over CONNECT requests has been broken since this regression I introduced in my CONNECT cleanup commits that started with 41b02378342, included since 7.25.0. Bug: http://curl.haxx.se/bug/view.cgi?id=3538625 Reported by: Marcel Raad
2012-07-05 05:10:50 -04:00
/* If we are supposed to continue and request a new URL, which basically
* means the HTTP authentication is still going on so if the tunnel
* is complete we start over in INIT state */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(data->req.newurl && (TUNNEL_COMPLETE == s->tunnel_state)) {
connect_init(conn, TRUE); /* reinit */
http-proxy: keep CONNECT connections alive (for NTLM) When doing CONNECT requests, libcurl must make sure the connection is alive as much as possible. NTLM requires it and it is generally good for other cases as well. NTLM over CONNECT requests has been broken since this regression I introduced in my CONNECT cleanup commits that started with 41b02378342, included since 7.25.0. Bug: http://curl.haxx.se/bug/view.cgi?id=3538625 Reported by: Marcel Raad
2012-07-05 05:10:50 -04:00
}
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
} while(data->req.newurl);
http-proxy: treat all 2xx as CONNECT success Added test 1904 to verify. Reported-by: Lawrence Wagerfield Fixes #1859 Closes #1860
2017-09-04 04:45:02 -04:00
if(data->info.httpproxycode/100 != 2) {
CONNECT: keep close connection flag in http_connect_state struct Fixes #2088 Closes #2157
2017-12-05 22:15:31 -05:00
if(s->close_connection && data->req.newurl) {
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
conn->bits.proxy_connect_closed = TRUE;
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
infof(data, "Connect me again please\n");
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
connect_done(conn);
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
}
CONNECT: close proxy connections that fail to CONNECT This is usually due to failed auth. There's no point in us keeping such a connection alive since it shouldn't be re-used anyway. Bug: http://curl.haxx.se/bug/view.cgi?id=1381 Reported-by: Marcel Raad
2014-08-25 07:33:34 -04:00
else {
Bug #149: Deletion of unnecessary checks before calls of the function "free" The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-11 12:41:01 -04:00
free(data->req.newurl);
data->req.newurl = NULL;
CONNECT: close proxy connections that fail to CONNECT This is usually due to failed auth. There's no point in us keeping such a connection alive since it shouldn't be re-used anyway. Bug: http://curl.haxx.se/bug/view.cgi?id=1381 Reported-by: Marcel Raad
2014-08-25 07:33:34 -04:00
/* failure, close this connection to avoid re-use */
http2: make sure stream errors don't needlessly close the connection With HTTP/2 each transfer is made in an indivial logical stream over the connection, making most previous errors that caused the connection to get forced-closed now instead just kill the stream and not the connection. Fixes #941
2016-08-11 08:00:23 -04:00
streamclose(conn, "proxy CONNECT failure");
CONNECT: close proxy connections that fail to CONNECT This is usually due to failed auth. There's no point in us keeping such a connection alive since it shouldn't be re-used anyway. Bug: http://curl.haxx.se/bug/view.cgi?id=1381 Reported-by: Marcel Raad
2014-08-25 07:33:34 -04:00
Curl_closesocket(conn, conn->sock[sockindex]);
conn->sock[sockindex] = CURL_SOCKET_BAD;
always-multi: always use non-blocking internals Remove internal separated behavior of the easy vs multi intercace. curl_easy_perform() is now using the multi interface itself. Several minor multi interface quirks and bugs have been fixed in the process. Much help with debugging this has been provided by: Yang Tse
2013-01-17 06:59:23 -05:00
}
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
/* to back to init state */
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->tunnel_state = TUNNEL_INIT;
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design This reverts commit cb3e6dfa3511 and instead fixes the problem differently. The reverted commit addressed a test failure in test 1021 by simplifying and generalizing the code flow in a way that damaged the performance. Now we modify the flow so that Curl_proxyCONNECT() again does as much as possible in one go, yet still do test 1021 with and without valgrind. It failed due to mistakes in the multi state machine. Bug: http://curl.haxx.se/bug/view.cgi?id=1397 Reported-by: Paul Saab
2014-07-19 17:58:58 -04:00
if(conn->bits.proxy_connect_closed)
/* this is not an error, just part of the connection negotiation */
return CURLE_OK;
Improve code readbility ... by removing the else branch after a return, break or continue. Closes #1310
2017-03-10 08:28:37 -05:00
failf(data, "Received HTTP code %d from proxy after CONNECT",
data->req.httpcode);
return CURLE_RECV_ERROR;
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
}
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
s->tunnel_state = TUNNEL_COMPLETE;
CONNECT: fix multi interface regression The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-21 18:22:39 -04:00
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
/* If a proxy-authorization header was used for the proxy, then we should
make sure that it isn't accidentally used for the document request
after we've connected. So let's free and clear it here. */
Curl_safefree(conn->allocptr.proxyuserpwd);
conn->allocptr.proxyuserpwd = NULL;
data->state.authproxy.done = TRUE;
http-proxy: treat all 2xx as CONNECT success Added test 1904 to verify. Reported-by: Lawrence Wagerfield Fixes #1859 Closes #1860
2017-09-04 04:45:02 -04:00
infof(data, "Proxy replied %d to CONNECT request\n",
data->info.httpproxycode);
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
data->req.ignorebody = FALSE; /* put it (back) to non-ignore state */
Curl_proxyCONNECT: clear 'rewindaftersend' on success After having done a POST over a CONNECT request, the 'rewindaftersend' boolean could be holding the previous value which could lead to badness. This should be tested for in a new test case! Bug: https://groups.google.com/d/msg/msysgit/B31LNftR4BI/KhRTz0iuGmUJ
2013-03-18 17:40:35 -04:00
conn->bits.rewindaftersend = FALSE; /* make sure this isn't set for the
document request */
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
return CURLE_OK;
}
http-proxy: use a dedicated CONNECT response buffer To make it suitably independent of the receive buffer and its flexible size.
2017-04-24 19:03:17 -04:00
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
void Curl_connect_free(struct Curl_easy *data)
{
struct connectdata *conn = data->easy_conn;
struct http_connect_state *s = conn->connect_state;
if(s) {
free(s);
conn->connect_state = NULL;
}
}
http-proxy: use a dedicated CONNECT response buffer To make it suitably independent of the receive buffer and its flexible size.
2017-04-24 19:03:17 -04:00
/*
* Curl_proxyCONNECT() requires that we're connected to a HTTP proxy. This
* function will issue the necessary commands to get a seamless tunnel through
* this proxy. After that, the socket can be used just as a normal socket.
*/
CURLcode Curl_proxyCONNECT(struct connectdata *conn,
int sockindex,
const char *hostname,
int remote_port)
{
CURLcode result;
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(!conn->connect_state) {
result = connect_init(conn, FALSE);
if(result)
return result;
http-proxy: use a dedicated CONNECT response buffer To make it suitably independent of the receive buffer and its flexible size.
2017-04-24 19:03:17 -04:00
}
result = CONNECT(conn, sockindex, hostname, remote_port);
http-proxy: do the HTTP CONNECT process entirely non-blocking Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-07 17:02:26 -04:00
if(result || Curl_connect_complete(conn))
connect_done(conn);
http-proxy: use a dedicated CONNECT response buffer To make it suitably independent of the receive buffer and its flexible size.
2017-04-24 19:03:17 -04:00
return result;
}
http-proxy: fix build with --disable-proxy or --disable-http Reported-by: Dan Fandrich
2017-06-15 17:57:31 -04:00
#else
void Curl_connect_free(struct Curl_easy *data)
{
(void)data;
}
http-proxy: use a dedicated CONNECT response buffer To make it suitably independent of the receive buffer and its flexible size.
2017-04-24 19:03:17 -04:00
http-proxy: move proxy code to http_proxy.c The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-04-04 10:24:37 -04:00
#endif /* CURL_DISABLE_PROXY */