diff --git a/src/ChangeLog b/src/ChangeLog
index 2d3ed991..17d53ff6 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,12 @@
+2005-05-07  Hrvoje Niksic  <hniksic@xemacs.org>
+
+	* http.c (gethttp): When tunnelling SSL traffic over proxy with
+	CONNECT, we're really talking to the remote server directly.
+	Because of this, the request-line argument must be the URL path
+	rather than the whole URL, as it would be when using regular
+	proxies.
+	Reported by Charles Lane.
+
 2005-05-06  Hrvoje Niksic  <hniksic@xemacs.org>
 
 	* init.c (cmd_spec_useragent): Allow empty User-Agent.
diff --git a/src/http.c b/src/http.c
index d046eaea..33482a2a 100644
--- a/src/http.c
+++ b/src/http.c
@@ -1216,6 +1216,7 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy)
 
   req = request_new ();
   {
+    char *meth_arg;
     const char *meth = "GET";
     if (*dt & HEAD_ONLY)
       meth = "HEAD";
@@ -1224,8 +1225,18 @@ gethttp (struct url *u, struct http_stat *hs, int *dt, struct url *proxy)
     /* Use the full path, i.e. one that includes the leading slash and
        the query string.  E.g. if u->path is "foo/bar" and u->query is
        "param=value", full_path will be "/foo/bar?param=value".  */
-    request_set_method (req, meth,
-			proxy ? xstrdup (u->url) : url_full_path (u));
+    if (proxy
+#ifdef HAVE_SSL
+	/* When using SSL over proxy, CONNECT establishes a direct
+	   connection to the HTTPS server.  Therefore use the same
+	   argument as when talking to the server directly. */
+	&& u->scheme != SCHEME_HTTPS
+#endif
+	)
+      meth_arg = xstrdup (u->url);
+    else
+      meth_arg = url_full_path (u);
+    request_set_method (req, meth, meth_arg);
   }
 
   request_set_header (req, "Referer", (char *) hs->referer, rel_none);