curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support from WolfSSL. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder himself.

Re: Configuring a HttpsProxyTunnel

From: Daniel Stenberg via curl-library <curl-library_at_cool.haxx.se>
Date: Thu, 5 Dec 2019 19:51:26 +0100 (CET)

On Thu, 5 Dec 2019, Gael GUEGAN via curl-library wrote:

> I am new in using the libcurl, and I would like to make a secured tunnel
> through a proxy. But before, I would like to be sure that it is possible to
> make one using libcurl.

First, make sure that you're really talking about a HTTPS proxy and not just
doing HTTPS through HTTP proxy. A HTTPS proxy speaks HTTPS to the proxy, which
still is an unusual setup.

> I have seen that it exists the option CURLOPT_HTTPPROXYTUNNEL.

Yes, but when you speak HTTPS through a HTTP(S) proxy, that is implied.

> Would it be sufficient to configure curl with the following options too make
> my tunnel secure ?
>
>
> * CURLOPT_HTTPPROXYTUNNEL = 1L

Not necessary.

> * CURLOPT_PROXYTYPE=CURLPROXY_HTTPS

Double-check that you really mean HTTPS and not HTTP.

> * CURLOPT_PROXY_SSLCERT
> * CURLOPT_PROXY_SSLCERTTYPE
> * CURLOPT_PROXY_SSLKEY
> * CURLOPT_PROXY_SSLKEYTYPE

These are for using client certificates (sometimes called mTLS, for mutual
authentication). If you need that, then yes use these options.

> * CURLOPT_PROXY_CAPATH

If you need to specify a custom path for your HTTPS proxy connection, sure.

> * CURLOPT_PROXY_SSL_CIPHER_LIST

If you need to especially customized what ciphers you want to accept for your
HTTPS proxy connection, then this is the right option.

> Are all these options enough ?

No, because none of them sets the actual proxy host name. Most of the other
options are optional, not required.

-- 
  / daniel.haxx.se | Get the best commercial curl support there is - from me
                   | Private help, bug fixes, support, ports, new features
                   | https://www.wolfssl.com/contact/
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette:   https://curl.haxx.se/mail/etiquette.html
Received on 2019-12-05