Use the CONNECT method to proxy HTTPS connections through HTTP proxies.

PR:		bin/80176
Submitted by:	Yuichiro NAITO <naito.yuichiro@gmail.com>

1 files changed, 13 insertions, 8 deletions

diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index abf79a3..28c0e59 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -1373,6 +1373,7 @@ http_authorize(conn_t *conn, const char *hdr, http_auth_challenges_t *cs,
 static conn_t *
 http_connect(struct url *URL, struct url *purl, const char *flags)
 {
+	struct url *curl;
 	conn_t *conn;
 	int verbose;
 	int af, val;
@@ -1391,17 +1392,21 @@ http_connect(struct url *URL, struct url *purl, const char *flags)
 		af = AF_INET6;
 #endif
 
-	if (purl && strcasecmp(URL->scheme, SCHEME_HTTPS) != 0) {
-		URL = purl;
-	} else if (strcasecmp(URL->scheme, SCHEME_FTP) == 0) {
-		/* can't talk http to an ftp server */
-		/* XXX should set an error code */
-		return (NULL);
-	}
+	curl = (purl != NULL) ? purl : URL;
 
-	if ((conn = fetch_connect(URL->host, URL->port, af, verbose)) == NULL)
+	if ((conn = fetch_connect(curl->host, curl->port, af, verbose)) == NULL)
 		/* fetch_connect() has already set an error code */
 		return (NULL);
+	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
+		http_cmd(conn, "CONNECT %s:%d HTTP/1.1",
+		    URL->host, URL->port);
+		http_cmd(conn, "");
+		if (http_get_reply(conn) != HTTP_OK) {
+			fetch_close(conn);
+			return (NULL);
+		}
+		http_get_reply(conn);
+	}
 	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 &&
 	    fetch_ssl(conn, verbose) == -1) {
 		fetch_close(conn);