Commit a96319eb authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

proxy: reject attempts to use unsupported proxy schemes 

I discovered some people have been using "https://example.com" style
strings as proxy and it "works" (curl doesn't complain) because curl
ignores unknown schemes and then assumes plain HTTP instead.

I think this misleads users into believing curl uses HTTPS to proxies
when it doesn't. Now curl rejects proxy strings using unsupported
schemes instead of just ignoring and defaulting to HTTP.
parent a5174b02

lib/url.c

+7 −1
Original line number Diff line number Diff line
@@ -4706,7 +4706,13 @@ static CURLcode parse_proxy(struct Curl_easy *data, 
      conn->proxytype = CURLPROXY_SOCKS4A;

    else if(checkprefix("socks4", proxy) || checkprefix("socks", proxy))

      conn->proxytype = CURLPROXY_SOCKS4;

    /* Any other xxx:// : change to http proxy */

    else if(checkprefix("http:", proxy))

      ; /* leave it as HTTP or HTTP/1.0 */

    else {

      /* Any other xxx:// reject! */

      failf(data, "No support for proxy over the \'%s\' scheme", proxy);

      return CURLE_COULDNT_CONNECT;

    }

  }

  else

    proxyptr = proxy; /* No xxx:// head: It's a HTTP proxy */