curl / Mailing Lists / curl-library / Single Mail

curl-library

Re: HTTPS proxy, another take

From: Dmitry Bakshaev <dab1818_at_gmail.com>
Date: Tue, 29 Nov 2016 10:42:05 +0400

client:
curl 7.52.0-DEV (x86_64-pc-linux-gnu) libcurl/7.52.0-DEV OpenSSL/1.0.1h
zlib/1.2.8
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp
smtp smtps telnet tftp
Features: AsynchDNS Largefile NTLM SSL libz TLS-SRP UnixSockets HTTPS-proxy

proxy-server:
squid-3.3.12 with http-md5-digest auth and https_port enabled.

test 1 (PEM cert):
curl -v --proxy-cacert /etc/ssl/certs/ourCAbundle.crt --proxy-cert
~/.certs/my.pem --proxy https://myproxy:3129 --proxy-digest --proxy-user
$USER --location https://www.google.com/

"Enter proxy password for user" appears once,
but "Enter PEM pass phrase" appears twice,
second on "302 Found...Location" reply from google.

test 2 (PKCS12 cert):
curl -v --proxy-cacert /etc/ssl/certs/ourCAbundle.crt --proxy-cert
~/.certs/my.p12 --proxy-cert-type P12 --proxy https://myproxy:3129
--proxy-digest --proxy-user $USER --location https://www.google.com/

curl asks "Enter proxy password for user" and stops:
"curl: (58) could not parse PKCS12 file, check password, OpenSSL error
error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure"
( same behavior as explained in https://github.com/curl/curl/pull/919 )

all works fine if cert password specified on command line : --proxy-cert
"my.pem:password" or --proxy-cert "my.p12:password"

2016-11-25 2:48 GMT+04:00 Daniel Stenberg <daniel_at_haxx.se>:

> On Thu, 24 Nov 2016, Daniel Stenberg wrote:
>
> I plan to merge this within 24 hours or so
>>
>
> Inintial HTTPS proxy support has now been merged. Let's fix the
> outstanding quirks and TODOs now!
>
> --
>
> / daniel.haxx.se
> -------------------------------------------------------------------
> List admin: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-11-29