correctly support CURLOPT_HTTPPROXYTUNNEL for httpsfixes

Currently using an HTTP proxy with HTTPS results in unconditional
CONNECT usage, regardless of CURLOPT_HTTPPROXYTUNNEL. This patch
modifies libcurl to only use tunnel mode, when SSL is used and the
protocol is not HTTP. Setting CURLOPT_HTTPPROXYTUNNEL then forces the
use of CONNECT.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>

3 files changed, 3 insertions, 3 deletions

diff --git a/lib/http.c b/lib/http.c
index 0c12d1896..ccb347996 100644
--- a/lib/http.c
+++ b/lib/http.c
@@ -1321,7 +1321,7 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
     /* nothing else to do except wait right now - we're not done here. */
     return CURLE_OK;
 
-  if(conn->given->flags & PROTOPT_SSL) {
+  if(conn->given->flags & PROTOPT_SSL && (conn->bits.tunnel_proxy || !conn->bits.httpproxy)) {
     /* perform SSL initialization */
     if(data->state.used_interface == Curl_if_multi) {
       result = https_connecting(conn, done);
diff --git a/lib/url.c b/lib/url.c
index b30a4fa51..1c07c2be8 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -5084,7 +5084,7 @@ static CURLcode create_conn(struct SessionHandle *data,
    * If the protocol is using SSL and HTTP proxy is used, we set
    * the tunnel_proxy bit.
    *************************************************************/
-  if((conn->given->flags&PROTOPT_SSL) && conn->bits.httpproxy)
+  if((conn->given->flags&PROTOPT_SSL) && conn->bits.httpproxy && !(conn->handler->protocol & CURLPROTO_HTTP))
     conn->bits.tunnel_proxy = TRUE;
 
   /*************************************************************
diff --git a/tests/data/test94 b/tests/data/test94
index a7bafa695..6dab986a2 100644
--- a/tests/data/test94
+++ b/tests/data/test94
@@ -34,7 +34,7 @@ SSL
 HTTPS GET with failed proxy auth (CONNECT 1.0)
  </name>
  <command>
-https://test.anything.really.com:94 --proxy1.0 %HOSTIP:%HTTPPORT
+https://test.anything.really.com:94 --proxy1.0 --proxytunnel %HOSTIP:%HTTPPORT
 </command>
 </client>