]> granicus.if.org Git - curl/commitdiff
projects / curl / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f94fcdb)
HTTPS-Proxy: don't offer h2 for https proxy connections
authorJay Satiro <raysatiro@yahoo.com>
Tue, 14 Mar 2017 07:03:46 +0000 (03:03 -0400)
committerDaniel Stenberg <daniel@haxx.se>
Fri, 16 Jun 2017 10:16:41 +0000 (12:16 +0200)
Bug: https://github.com/curl/curl/issues/1254

Closes #1546

lib/vtls/gtls.c patch | blob | history
lib/vtls/nss.c patch | blob | history
lib/vtls/openssl.c patch | blob | history

diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c
index 844be2de106b9ab8bf466bf84c51644cd44f556e..cbbb61f76f26cab5970f3bd62c8a2fa920bddf31 100644 (file)
--- a/lib/vtls/gtls.c
+++ b/lib/vtls/gtls.c
@@ -763,7 +763,8 @@ gtls_connect_step1(struct connectdata *conn,
     gnutls_datum_t protocols[2];
 
 #ifdef USE_NGHTTP2
-    if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+    if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+       (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
       protocols[cur].data = (unsigned char *)NGHTTP2_PROTO_VERSION_ID;
       protocols[cur].size = NGHTTP2_PROTO_VERSION_ID_LEN;
       cur++;
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index cd0138930997dbd0fcb9c70c3ed9f477f22893c0..0097caf01756a74fd40f6888198bb7b1b947df12 100644 (file)
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -1992,7 +1992,8 @@ static CURLcode nss_setup_connect(struct connectdata *conn, int sockindex)
     unsigned char protocols[128];
 
 #ifdef USE_NGHTTP2
-    if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+    if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+       (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
       protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
       memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
           NGHTTP2_PROTO_VERSION_ID_LEN);
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index dbee369297e7684d66d328c35a7230790a94ad3b..11419f4889e849241a371c45717bc1ea626994db 100644 (file)
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -2057,7 +2057,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex)
     unsigned char protocols[128];
 
 #ifdef USE_NGHTTP2
-    if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+    if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+       (!SSL_IS_PROXY() || !conn->bits.tunnel_proxy)) {
       protocols[cur++] = NGHTTP2_PROTO_VERSION_ID_LEN;
 
       memcpy(&protocols[cur], NGHTTP2_PROTO_VERSION_ID,
Unnamed repository; edit this file 'description' to name the repository.