cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS connection from libcurl client to proxy

From: Vijay Panghal <vijay.panghal_at_gmail.com>
Date: Mon, 25 Aug 2014 10:38:36 -0700

Hi Daniel,

I would like to pick this for next release. But before I proceed,I would
like to know your opinions.

I think this is current state of support of proxy in libCurl.

1. Both location and proxy url are http
libCurl supports this with CURLPROXY_HTTP.

2. location url is https and proxy url is http
libCurl supports this with HTTP CONNECT. This will setup end to end tunnel
between end hosts.

3. location url is https and proxy url is https
libCurl does not support this. This will be useful for creating encrypted
tunnel between client to proxy (without HTTP CONNECT) which allow caching
content.
http://wiki.squid-cache.org/Features/HTTPS#Encrypted_browser-Squid_connection

4. location url is http and proxy url is https
libCurl does not support this.

I want to add support for (3) and (4). From my initial investigation and
prototyping, I see these changes are required:
- Add another proxy type CURLPROXY_HTTPS in curl_proxytype
- Set connection boolean value httpsproxy in ConnectBits if proxy type is
CURLPROXY_HTTPS
- Set the httpsproxy, if proxy url protocol is https in detect_proxy()
- Then process httpsproxy bit per connection while connecting to Proxy

I am attaching the initial patch that I tested in production environment
that does these things and it work well for me[I have not tested
authenticated https proxy]. I will be adding unit tests for this. Let me
know what you think?

Regards
Vijay

On Tue, Aug 5, 2014 at 2:51 AM, Girish Aher <girishaher_at_gmail.com> wrote:

> Ok, thank you for the response Daniel.
>
>
> On Tue, Aug 5, 2014 at 3:04 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>
>> On Tue, 5 Aug 2014, Girish Aher wrote:
>>
>> Is there a way I (my libcurl client) could talk to a web proxy listening
>>> on HTTPS? i.e. the connection to the proxy is HTTPS irrespective of whether
>>> the protocol to the destination server is https or http.
>>>
>>
>> No, that's unfortunately not supported (yet). We have it mentioned in the
>> Roadmap document[1] as something we want and intend to work on in the short
>> term future. We appreciate all the help we can get!
>>
>> [1] = https://github.com/bagder/curl/blob/master/docs/ROADMAP.md
>>
>> --
>>
>> / daniel.haxx.se
>> -------------------------------------------------------------------
>> List admin: http://cool.haxx.se/list/listinfo/curl-library
>> Etiquette: http://curl.haxx.se/mail/etiquette.html
>
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/octet-stream attachment: 0001-https-proxy-Add-support-for-https-proxy.patch

Received on 2014-08-25

This message: [ Message body ]
Next message: Guilherme Versiani: "Experimental feature: cURL over TURN"
Previous message: Tatsuhiro Tsujikawa: "[PATCH] Compile with latest nghttp2"
In reply to: Girish Aher: "Re: HTTPS connection from libcurl client to proxy"
Next in thread: Daniel Stenberg: "Re: HTTPS connection from libcurl client to proxy"
Reply: Daniel Stenberg: "Re: HTTPS connection from libcurl client to proxy"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]