haxproxy: send before TLS handhshake

- reverse order of haproxy and final ssl cfilter

- make haproxy avaiable on PROXY builds, independent of HTTP support as
  it can be used with any protocol.

Reported-by: Sergio-IME on github
Fixes #10165
Closes #10167

diff --git a/lib/cfilters.c b/lib/cfilters.c
index 8b05fbc8f4381bb5f457881ae848a4f9d1872df4..348c09d7e44b1f7c5607a5f30eb6c191849bc3e4 100644 (file)
--- a/lib/cfilters.c
+++ b/lib/cfilters.c
@@ -319,7 +319,14 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
         if(result)
           goto out;
       }
+    }
 #endif /* !CURL_DISABLE_HTTP */
+
+    /* HAProxy protocol comes *before* SSL, see #10165 */
+    if(data->set.haproxyprotocol) {
+      result = Curl_conn_haproxy_add(data, conn, sockindex);
+      if(result)
+        goto out;
     }
 #endif /* !CURL_DISABLE_PROXY */
 
@@ -335,14 +342,6 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
     (void)ssl_mode;
 #endif /* USE_SSL */
 
-#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
-    if(data->set.haproxyprotocol) {
-      result = Curl_conn_haproxy_add(data, conn, sockindex);
-      if(result)
-        goto out;
-    }
-#endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */
-
   }
   DEBUGASSERT(conn->cfilter[sockindex]);
   cf = data->conn->cfilter[sockindex];

diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index e30730acabdc8715b34fc32c30c689918353c597..56a7bd4aaf50ccbbe99411119b8593709fc30413 100644 (file)
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -1195,6 +1195,9 @@ CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
   return result;
 }
 
+#endif /* !CURL_DISABLE_PROXY &6 ! CURL_DISABLE_HTTP */
+
+#if !defined(CURL_DISABLE_PROXY)
 
 static CURLcode send_haproxy_header(struct Curl_cfilter*cf,
                                     struct Curl_easy *data)
@@ -1280,4 +1283,4 @@ CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
   return result;
 }
 
-#endif /* !CURL_DISABLE_PROXY &6 ! CURL_DISABLE_HTTP */
+#endif /* !CURL_DISABLE_PROXY */

diff --git a/lib/http_proxy.h b/lib/http_proxy.h
index dfdc0e72bae958cc7471f70db3a93381553da296..935ae01524c4d2caa5b08d176f8b7c06acae5093 100644 (file)
--- a/lib/http_proxy.h
+++ b/lib/http_proxy.h
@@ -27,19 +27,21 @@
 #include "curl_setup.h"
 #include "urldata.h"
 
-#if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
+#if !defined(CURL_DISABLE_PROXY)
 
+#if !defined(CURL_DISABLE_HTTP)
 /* Default proxy timeout in milliseconds */
 #define PROXY_TIMEOUT (3600*1000)
 
 CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
                                   struct connectdata *conn,
                                   int sockindex);
+#endif /* !CURL_DISABLE_HTTP */
 
 CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
                                struct connectdata *conn,
                                int sockindex);
 
-#endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */
+#endif /* !CURL_DISABLE_PROXY */
 
 #endif /* HEADER_CURL_HTTP_PROXY_H */