diff --git a/configure.ac b/configure.ac
index 5a8057f61..7eff485b7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3710,6 +3710,11 @@ if test "x$USE_NGHTTP2" = "x1"; then
 SUPPORT_FEATURES="$SUPPORT_FEATURES HTTP2"
 fi
+if test "x$OPENSSL_ENABLED" = "x1" -o "x$GNUTLS_ENABLED" = "x1" \
+ -o "x$NSS_ENABLED" = "x1"; then
+ SUPPORT_FEATURES="$SUPPORT_FEATURES HTTPS-proxy"
+fi
+
 AC_SUBST(SUPPORT_FEATURES)
 dnl For supported protocols in pkg-config file
diff --git a/docs/libcurl/curl_version_info.3 b/docs/libcurl/curl_version_info.3
index 5244c21b8..ebb11c33b 100644
--- a/docs/libcurl/curl_version_info.3
+++ b/docs/libcurl/curl_version_info.3
@@ -153,6 +153,9 @@ libcurl was built with support for Unix domain sockets.
 libcurl was built with support for Mozilla's Public Suffix List. This makes libcurl ignore cookies with a domain that's on the list.
 (Added in 7.47.0)
+.IP CURL_VERSION_HTTPS_PROXY
+libcurl was built with support for HTTPS-proxy.
+(Added in 7.52.0)
 .RE
 \fIssl_version\fP is an ASCII string for the OpenSSL version used. If libcurl has no SSL support, this is NULL.
diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions
index c7cd5a8f3..3dbba8676 100644
--- a/docs/libcurl/symbols-in-versions
+++ b/docs/libcurl/symbols-in-versions
@@ -810,6 +810,7 @@ CURL_VERSION_DEBUG 7.10.6
 CURL_VERSION_GSSAPI 7.38.0
 CURL_VERSION_GSSNEGOTIATE 7.10.6 7.38.0
 CURL_VERSION_HTTP2 7.33.0
+CURL_VERSION_HTTPS_PROXY 7.52.0
 CURL_VERSION_IDN 7.12.0
 CURL_VERSION_IPV6 7.10
 CURL_VERSION_KERBEROS4 7.10 7.33.0
diff --git a/include/curl/curl.h b/include/curl/curl.h
index c8b85069c..331bec6e2 100644
--- a/include/curl/curl.h
+++ b/include/curl/curl.h
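Review bot: The backend list in the added `if test ... -o ...` block of configure.ac is a second copy of the decision made by `#define HTTPS_PROXY_SUPPORT 1` in lib/vtls/gtls.h, nssg.h and openssl.h, and nothing ties the two together. If a backend gains or loses the macro without this test being updated, the `HTTPS-proxy` entry in SUPPORT_FEATURES and the `CURL_VERSION_HTTPS_PROXY` bit reported at run time will disagree, and anything that decides on the substituted feature string would be misled about whether the proxy leg can be encrypted. A comment above the test would flag the coupling: `dnl keep in sync with the HTTPS_PROXY_SUPPORT defines in lib/vtls/*.h`.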
@@ -640,7 +640,7 @@ typedef enum {
 CONNECT HTTP/1.1 */
 CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT HTTP/1.0 */
- CURLPROXY_HTTPS = 2, /* added in TBD */
+ CURLPROXY_HTTPS = 2, /* added in 7.52.0 */
 CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already in 7.10 */
 CURLPROXY_SOCKS5 = 5, /* added in 7.10 */
@@ -2446,6 +2446,7 @@ typedef struct {
 #define CURL_VERSION_UNIX_SOCKETS (1<<19) /* Unix domain sockets support */
 #define CURL_VERSION_PSL (1<<20) /* Mozilla's Public Suffix List, used for cookie domain verification */
+#define CURL_VERSION_HTTPS_PROXY (1<<21) /* HTTPS-proxy support built-in */
 /*
 * NAME curl_version_info()
diff --git a/lib/url.c b/lib/url.c
index 675d7ee57..c1c3a931b 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -4924,6 +4924,14 @@ static CURLcode parse_proxy(struct Curl_easy *data,
 else proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */
+#ifndef HTTPS_PROXY_SUPPORT
+ if(proxytype == CURLPROXY_HTTPS) {
+ failf(data, "Unsupported proxy \'%s\'"
+ ", libcurl is built without the HTTPS-proxy support.", proxy);
+ return CURLE_NOT_BUILT_IN;
+ }
+#endif
+
 sockstype = proxytype == CURLPROXY_SOCKS5_HOSTNAME || proxytype == CURLPROXY_SOCKS5 || proxytype == CURLPROXY_SOCKS4A ||
diff --git a/lib/version.c b/lib/version.c
index a434a6287..3d1776813 100644
--- a/lib/version.c
+++ b/lib/version.c
@@ -323,6 +323,9 @@ static curl_version_info_data version_info = {
 #endif
 #if defined(USE_LIBPSL)
 | CURL_VERSION_PSL
+#endif
+#if defined(HTTPS_PROXY_SUPPORT)
+ | CURL_VERSION_HTTPS_PROXY
 #endif
 , NULL, /* ssl_version */
diff --git a/lib/vtls/gskit.h b/lib/vtls/gskit.h
index e258a29f1..229759217 100644
--- a/lib/vtls/gskit.h
+++ b/lib/vtls/gskit.h
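Review bot: The `failf()` in the added `#ifndef HTTPS_PROXY_SUPPORT` block of parse_proxy (lib/url.c) formats the whole `proxy` string into the error message. If that string is the caller-supplied proxy URL, it may still carry a `user:password@` part at this point, which would then end up in the error buffer and in any log that records it. The message is just as useful without the URL: `failf(data, "HTTPS-proxy requested, but libcurl is built without HTTPS-proxy support");`. parse_proxy starts and ends outside the hunk, so whether the credentials have already been split off before this line is not visible here.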
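Review bot: The `#if defined(HTTPS_PROXY_SUPPORT)` guard added to the `version_info` initializer in lib/version.c only works if the TLS backend header that defines the macro (gtls.h, nssg.h or openssl.h in this commit) has already been included at this point, and the include list is outside the hunk. An undefined macro is not a build error here: the `CURL_VERSION_HTTPS_PROXY` bit would simply be missing, and the same holds for the `#ifndef HTTPS_PROXY_SUPPORT` check in lib/url.c (every `https://` proxy rejected) and the `#if` in lib/vtls/vtls.c (`#else` branch taken). I would state the dependency at each use site, e.g. `/* HTTPS_PROXY_SUPPORT comes from the selected lib/vtls backend header */`. Defining the macro in one always-included header would remove the include-order dependency altogether.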
@@ -41,6 +41,9 @@ int Curl_gskit_shutdown(struct connectdata *conn, int sockindex);
 size_t Curl_gskit_version(char *buffer, size_t size);
 int Curl_gskit_check_cxn(struct connectdata *cxn);
+/* Support HTTPS-proxy */
+/* TODO: add '#define HTTPS_PROXY_SUPPORT 1' and fix test #1014 (if need) */
+
 /* Set the API backend definition to GSKit */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GSKIT
diff --git a/lib/vtls/gtls.h b/lib/vtls/gtls.h
index e3d58531f..65312017e 100644
--- a/lib/vtls/gtls.h
+++ b/lib/vtls/gtls.h
@@ -57,6 +57,9 @@ void Curl_gtls_sha256sum(const unsigned char *tmp, /* input */
 bool Curl_gtls_cert_status_request(void);
+/* Support HTTPS-proxy */
+#define HTTPS_PROXY_SUPPORT 1
+
 /* Set the API backend definition to GnuTLS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_GNUTLS
diff --git a/lib/vtls/nssg.h b/lib/vtls/nssg.h
index ac67e6ab7..fd94003fb 100644
--- a/lib/vtls/nssg.h
+++ b/lib/vtls/nssg.h
@@ -65,6 +65,9 @@ bool Curl_nss_cert_status_request(void);
 bool Curl_nss_false_start(void);
+/* Support HTTPS-proxy */
+#define HTTPS_PROXY_SUPPORT 1
+
 /* Set the API backend definition to NSS */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_NSS
diff --git a/lib/vtls/openssl.h b/lib/vtls/openssl.h
index ee18e710f..cff1e909c 100644
--- a/lib/vtls/openssl.h
+++ b/lib/vtls/openssl.h
@@ -79,6 +79,9 @@ void Curl_ossl_sha256sum(const unsigned char *tmp, /* input */
 bool Curl_ossl_cert_status_request(void);
+/* Support HTTPS-proxy */
+#define HTTPS_PROXY_SUPPORT 1
+
 /* Set the API backend definition to OpenSSL */
 #define CURL_SSL_BACKEND CURLSSLBACKEND_OPENSSL
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index e8fd3cf43..b808e1c5f 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -187,8 +187,7 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
 DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
 if(ssl_connection_complete == conn->ssl[sockindex].state && !conn->proxy_ssl[sockindex].use) {
-#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_NSS) || \
- defined(USE_GSKIT)
+#if defined(HTTPS_PROXY_SUPPORT)
 conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
 memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
 #else
diff --git a/src/tool_help.c b/src/tool_help.c
index 39a51784a..992a969ce 100644
--- a/src/tool_help.c
+++ b/src/tool_help.c
@@ -317,6 +317,7 @@ static const struct feat feats[] = {
 {"TLS-SRP", CURL_VERSION_TLSAUTH_SRP},
 {"HTTP2", CURL_VERSION_HTTP2},
 {"UnixSockets", CURL_VERSION_UNIX_SOCKETS},
+ {"HTTPS-proxy", CURL_VERSION_HTTPS_PROXY}
 };
 void tool_help(void)
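Review bot: GSKit builds silently lose the proxy-TLS path in ssl_connect_init_proxy (lib/vtls/vtls.c): the new `#if defined(HTTPS_PROXY_SUPPORT)` no longer covers `USE_GSKIT`, because gskit.h only gains a TODO in this commit and does not define the macro. Those builds previously took the branch that moves `conn->ssl[sockindex]` into `conn->proxy_ssl[sockindex]` and now take the `#else` branch, whose body is outside the hunk. That looks intentional, but it is a behaviour change for one backend that neither the guard nor the TODO states. I would record it at the guard, e.g. `/* GSKit does not define HTTPS_PROXY_SUPPORT yet and takes the #else branch */`.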