From 17c5d05285cfadb0e898c3231346fc29b23b0690 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 14 Mar 2017 03:03:46 -0400 Subject: [PATCH] HTTPS-Proxy: don't offer h2 for https proxy connections Bug: https://github.com/curl/curl/issues/1254 Closes #1546 --- lib/vtls/gtls.c | 3 ++- lib/vtls/nss.c | 3 ++- lib/vtls/openssl.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 844be2de1..cbbb61f76 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c @@ -763,7 +763,8 @@ gtls_connect_step1(struct connectdata *conn, gnutls_datum_t protocols[2]; #ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && + (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID; protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN; cur++; diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index cd0138930..0097caf01 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1992,7 +1992,8 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex) unsigned char protocols[128]; #ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && + (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID, NGHTTP2_PROTO_VERSION_ID_LEN); diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index dbee36929..11419f488 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2057,7 +2057,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) unsigned char protocols[128]; #ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { + if(data->set.httpversion >= CURL_HTTP_VERSION_2 && + (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) { protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN; memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,