cfilter: re-add `conn` as parameter to cfilter setup methods

- `Curl_ssl_get_config()` now returns the first config if no SSL proxy
  filter is active

- socket filter starts connection only on first invocation of its
  connect method

Fixes #9982
Closes #9983

diff --git a/lib/cfilters.c b/lib/cfilters.c
index fe7624e835d8283429fb31b85397bcddcc16197d..2d04390c10a099e474fd0ddf0fa5e9509faf8d31 100644 (file)
--- a/lib/cfilters.c
+++ b/lib/cfilters.c
@@ -226,20 +226,22 @@ out:
   return result;
 }
 
-void Curl_conn_cf_add(struct Curl_easy *data, int index,
+void Curl_conn_cf_add(struct Curl_easy *data,
+                      struct connectdata *conn,
+                      int index,
                       struct Curl_cfilter *cf)
 {
   (void)data;
-  DEBUGF(infof(data, DMSGI(data, index, "cf_add(filter=%s)"),
-               cf->cft->name));
-
-  DEBUGASSERT(data->conn);
+  DEBUGASSERT(conn);
   DEBUGASSERT(!cf->conn);
   DEBUGASSERT(!cf->next);
-  cf->next = data->conn->cfilter[index];
-  cf->conn = data->conn;
+
+  DEBUGF(infof(data, CMSGI(conn, index, "cf_add(filter=%s)"),
+               cf->cft->name));
+  cf->next = conn->cfilter[index];
+  cf->conn = conn;
   cf->sockindex = index;
-  data->conn->cfilter[index] = cf;
+  conn->cfilter[index] = cf;
 }
 
 void Curl_conn_cf_discard(struct Curl_cfilter *cf, struct Curl_easy *data)
@@ -260,11 +262,11 @@ void Curl_conn_cf_discard(struct Curl_cfilter *cf, struct Curl_easy *data)
 }
 
 CURLcode Curl_conn_setup(struct Curl_easy *data,
+                         struct connectdata *conn,
                          int sockindex,
                          const struct Curl_dns_entry *remotehost,
                          int ssl_mode)
 {
-  struct connectdata *conn = data->conn;
   struct Curl_cfilter *cf;
   CURLcode result;
 
@@ -281,13 +283,13 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
    */
   if(!conn->cfilter[sockindex]) {
     DEBUGF(infof(data, DMSGI(data, sockindex, "setup, init filter chain")));
-    result = Curl_conn_socket_set(data, sockindex);
+    result = Curl_conn_socket_set(data, conn, sockindex);
     if(result)
       goto out;
 
 #ifndef CURL_DISABLE_PROXY
     if(conn->bits.socksproxy) {
-      result = Curl_conn_socks_proxy_add(data, sockindex);
+      result = Curl_conn_socks_proxy_add(data, conn, sockindex);
       if(result)
         goto out;
     }
@@ -295,7 +297,7 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
     if(conn->bits.httpproxy) {
 #ifdef USE_SSL
       if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
-        result = Curl_ssl_cfilter_proxy_add(data, sockindex);
+        result = Curl_ssl_cfilter_proxy_add(data, conn, sockindex);
         if(result)
           goto out;
       }
@@ -303,7 +305,7 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
 
 #if !defined(CURL_DISABLE_HTTP)
       if(conn->bits.tunnel_proxy) {
-        result = Curl_conn_http_proxy_add(data, sockindex);
+        result = Curl_conn_http_proxy_add(data, conn, sockindex);
         if(result)
           goto out;
       }
@@ -315,7 +317,7 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
     if(ssl_mode == CURL_CF_SSL_ENABLE
       || (ssl_mode != CURL_CF_SSL_DISABLE
            && conn->handler->flags & PROTOPT_SSL)) {
-      result = Curl_ssl_cfilter_add(data, sockindex);
+      result = Curl_ssl_cfilter_add(data, conn, sockindex);
       if(result)
         goto out;
     }
@@ -325,7 +327,7 @@ CURLcode Curl_conn_setup(struct Curl_easy *data,
 
 #if !defined(CURL_DISABLE_PROXY) && !defined(CURL_DISABLE_HTTP)
     if(data->set.haproxyprotocol) {
-      result = Curl_conn_haproxy_add(data, sockindex);
+      result = Curl_conn_haproxy_add(data, conn, sockindex);
       if(result)
         goto out;
     }

diff --git a/lib/cfilters.h b/lib/cfilters.h
index 7e87781b8d2547ad8ee73b0d86d46de276580382..c339e46513fcf98524c535090c4b3e454fcd49b1 100644 (file)
--- a/lib/cfilters.h
+++ b/lib/cfilters.h
@@ -180,6 +180,7 @@ CURLcode Curl_cf_create(struct Curl_cfilter **pcf,
  * the start of the chain (top).
  */
 void Curl_conn_cf_add(struct Curl_easy *data,
+                      struct connectdata *conn,
                       int sockindex,
                       struct Curl_cfilter *cf);
 
@@ -208,6 +209,7 @@ void Curl_conn_cf_discard(struct Curl_cfilter *cf, struct Curl_easy *data);
  * suitable filter chain.
  */
 CURLcode Curl_conn_setup(struct Curl_easy *data,
+                         struct connectdata *conn,
                          int sockindex,
                          const struct Curl_dns_entry *remotehost,
                          int ssl_mode);

diff --git a/lib/connect.c b/lib/connect.c
index eed30680f181c6434bd3523a2bb546901196b046..9ec664ef5ff365e985324d1b13c64e80a04181cf 100644 (file)
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -1721,8 +1721,8 @@ static CURLcode socket_cf_setup(struct Curl_cfilter *cf,
                                 const struct Curl_dns_entry *remotehost)
 {
   struct socket_cf_ctx *ctx = cf->ctx;
-  bool done;
 
+  (void)data;
   DEBUGASSERT(ctx);
   if(ctx->remotehost != remotehost) {
     if(ctx->remotehost) {
@@ -1730,10 +1730,9 @@ static CURLcode socket_cf_setup(struct Curl_cfilter *cf,
     }
     ctx->remotehost = remotehost;
   }
-  /* we start connecting right on setup */
   DEBUGF(infof(data, CFMSG(cf, "setup(remotehost=%s)"),
          cf->conn->hostname_resolve));
-  return socket_cf_connect(cf, data, FALSE, &done);
+  return CURLE_OK;
 }
 
 static void socket_cf_close(struct Curl_cfilter *cf,
@@ -1828,6 +1827,7 @@ static const struct Curl_cftype cft_socket = {
 };
 
 CURLcode Curl_conn_socket_set(struct Curl_easy *data,
+                              struct connectdata *conn,
                               int sockindex)
 {
   CURLcode result;
@@ -1835,7 +1835,8 @@ CURLcode Curl_conn_socket_set(struct Curl_easy *data,
   struct socket_cf_ctx *scf_ctx = NULL;
 
   /* Need to be first */
-  DEBUGASSERT(!data->conn->cfilter[sockindex]);
+  DEBUGASSERT(conn);
+  DEBUGASSERT(!conn->cfilter[sockindex]);
   scf_ctx = calloc(sizeof(*scf_ctx), 1);
   if(!scf_ctx) {
     result = CURLE_OUT_OF_MEMORY;
@@ -1844,7 +1845,7 @@ CURLcode Curl_conn_socket_set(struct Curl_easy *data,
   result = Curl_cf_create(&cf, &cft_socket, scf_ctx);
   if(result)
     goto out;
-  Curl_conn_cf_add(data, sockindex, cf);
+  Curl_conn_cf_add(data, conn, sockindex, cf);
 
 out:
   if(result) {
@@ -1898,9 +1899,9 @@ static const struct Curl_cftype cft_socket_accept = {
 };
 
 CURLcode Curl_conn_socket_accepted_set(struct Curl_easy *data,
+                                       struct connectdata *conn,
                                        int sockindex, curl_socket_t *s)
 {
-  struct connectdata *conn = data->conn;
   CURLcode result;
   struct Curl_cfilter *cf = NULL;
   struct socket_cf_ctx *scf_ctx = NULL;
@@ -1922,7 +1923,7 @@ CURLcode Curl_conn_socket_accepted_set(struct Curl_easy *data,
     result = Curl_cf_create(&cf, &cft_socket_accept, scf_ctx);
     if(result)
       goto out;
-    Curl_conn_cf_add(data, sockindex, cf);
+    Curl_conn_cf_add(data, conn, sockindex, cf);
   }
 
    /* close any existing socket and replace */

diff --git a/lib/connect.h b/lib/connect.h
index 79f932a404ddcabbdbf345e05f5e3b0739704dfb..1e90a8561ec0e645ed3a5b128f9cdb006174bf04 100644 (file)
--- a/lib/connect.h
+++ b/lib/connect.h
@@ -149,9 +149,12 @@ void Curl_conncontrol(struct connectdata *conn,
 #endif
 
 CURLcode Curl_conn_socket_set(struct Curl_easy *data,
+                              struct connectdata *conn,
                               int sockindex);
 
 CURLcode Curl_conn_socket_accepted_set(struct Curl_easy *data,
-                                       int sockindex, curl_socket_t *s);
+                                       struct connectdata *conn,
+                                       int sockindex,
+                                       curl_socket_t *s);
 
 #endif /* HEADER_CURL_CONNECT_H */

diff --git a/lib/ftp.c b/lib/ftp.c
index f72d803bb1ee38d8bbe6b2c49bc8135f24ba9ca2..c6e31e1b64f1788bc8e7dc7b4e6a984d5f989950 100644 (file)
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -286,7 +286,7 @@ static CURLcode AcceptServerConnect(struct Curl_easy *data)
 
   (void)curlx_nonblock(s, TRUE); /* enable non-blocking */
   /* Replace any filter on SECONDARY with one listeing on this socket */
-  result = Curl_conn_socket_accepted_set(data, SECONDARYSOCKET, &s);
+  result = Curl_conn_socket_accepted_set(data, conn, SECONDARYSOCKET, &s);
   if(result)
     return result;
 
@@ -1267,7 +1267,8 @@ static CURLcode ftp_state_use_port(struct Curl_easy *data,
   ftpc->count1 = fcmd;
 
   /* Replace any filter on SECONDARY with one listeing on this socket */
-  result = Curl_conn_socket_accepted_set(data, SECONDARYSOCKET, &portsock);
+  result = Curl_conn_socket_accepted_set(data, conn, SECONDARYSOCKET,
+                                         &portsock);
   if(result)
     goto out;
   portsock = CURL_SOCKET_BAD; /* now held in filter */
@@ -1973,7 +1974,7 @@ static CURLcode ftp_state_pasv_resp(struct Curl_easy *data,
     }
   }
 
-  result = Curl_conn_setup(data, SECONDARYSOCKET, addr,
+  result = Curl_conn_setup(data, conn, SECONDARYSOCKET, addr,
                            conn->bits.ftp_use_data_ssl?
                            CURL_CF_SSL_ENABLE : CURL_CF_SSL_DISABLE);
 
@@ -2741,7 +2742,7 @@ static CURLcode ftp_statemachine(struct Curl_easy *data,
         /* this was BLOCKING, keep it so for now */
         bool done;
         if(!Curl_ssl_conn_is_ssl(data, FIRSTSOCKET)) {
-          result = Curl_ssl_cfilter_add(data, FIRSTSOCKET);
+          result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
           if(result) {
             /* we failed and bail out */
             return CURLE_USE_SSL_FAILED;

diff --git a/lib/http.c b/lib/http.c
index 105e8cf8cf9cc4eda26939b7f96965f34917f7c8..66d3b4dd6448982769543b969100035a7990e3b2 100644 (file)
--- a/lib/http.c
+++ b/lib/http.c
@@ -219,7 +219,7 @@ const struct Curl_handler Curl_handler_wss = {
 #endif
 
 static CURLcode h3_setup_conn(struct Curl_easy *data,
-                                struct connectdata *conn)
+                              struct connectdata *conn)
 {
 #ifdef ENABLE_QUIC
   /* We want HTTP/3 directly, setup the filter chain ourself,
@@ -243,7 +243,7 @@ static CURLcode h3_setup_conn(struct Curl_easy *data,
 
   DEBUGF(infof(data, "HTTP/3 direct conn setup(conn #%ld, index=%d)",
          conn->connection_id, FIRSTSOCKET));
-  return Curl_conn_socket_set(data, FIRSTSOCKET);
+  return Curl_conn_socket_set(data, conn, FIRSTSOCKET);
 
 #else /* ENABLE_QUIC */
   (void)conn;

diff --git a/lib/http_proxy.c b/lib/http_proxy.c
index 53810b28380d12def9be96fe955d53fe9f6de8ec..0519c8ea871da4db69820191620f94fa28f6f840 100644 (file)
--- a/lib/http_proxy.c
+++ b/lib/http_proxy.c
@@ -1191,6 +1191,7 @@ static const struct Curl_cftype cft_http_proxy = {
 };
 
 CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
+                                  struct connectdata *conn,
                                   int sockindex)
 {
   struct Curl_cfilter *cf;
@@ -1198,7 +1199,7 @@ CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
 
   result = Curl_cf_create(&cf, &cft_http_proxy, NULL);
   if(!result)
-    Curl_conn_cf_add(data, sockindex, cf);
+    Curl_conn_cf_add(data, conn, sockindex, cf);
   return result;
 }
 
@@ -1275,6 +1276,7 @@ static const struct Curl_cftype cft_haproxy = {
 };
 
 CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
+                               struct connectdata *conn,
                                int sockindex)
 {
   struct Curl_cfilter *cf;
@@ -1282,7 +1284,7 @@ CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
 
   result = Curl_cf_create(&cf, &cft_haproxy, NULL);
   if(!result)
-    Curl_conn_cf_add(data, sockindex, cf);
+    Curl_conn_cf_add(data, conn, sockindex, cf);
   return result;
 }
 

diff --git a/lib/http_proxy.h b/lib/http_proxy.h
index ea59083640c0fc76bfaaa3c2e803130c60e21d35..dfdc0e72bae958cc7471f70db3a93381553da296 100644 (file)
--- a/lib/http_proxy.h
+++ b/lib/http_proxy.h
@@ -33,9 +33,11 @@
 #define PROXY_TIMEOUT (3600*1000)
 
 CURLcode Curl_conn_http_proxy_add(struct Curl_easy *data,
+                                  struct connectdata *conn,
                                   int sockindex);
 
 CURLcode Curl_conn_haproxy_add(struct Curl_easy *data,
+                               struct connectdata *conn,
                                int sockindex);
 
 #endif /* !CURL_DISABLE_PROXY && !CURL_DISABLE_HTTP */

diff --git a/lib/imap.c b/lib/imap.c
index 76012e02af94a2dfe65049ebed1163056fa87717..03dc19166b7962465c1420990986226195788876 100644 (file)
--- a/lib/imap.c
+++ b/lib/imap.c
@@ -477,7 +477,7 @@ static CURLcode imap_perform_upgrade_tls(struct Curl_easy *data,
   CURLcode result;
 
   if(!Curl_ssl_conn_is_ssl(data, FIRSTSOCKET)) {
-    result = Curl_ssl_cfilter_add(data, FIRSTSOCKET);
+    result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
     if(result)
       goto out;
   }

diff --git a/lib/pop3.c b/lib/pop3.c
index b45f867fbc8446ead46a7450708e907fbe6023b7..e94d7e5cb66fa6ed2dc3981334b0c3d7207c2c2c 100644 (file)
--- a/lib/pop3.c
+++ b/lib/pop3.c
@@ -372,7 +372,7 @@ static CURLcode pop3_perform_upgrade_tls(struct Curl_easy *data,
   CURLcode result;
 
   if(!Curl_ssl_conn_is_ssl(data, FIRSTSOCKET)) {
-    result = Curl_ssl_cfilter_add(data, FIRSTSOCKET);
+    result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
     if(result)
       goto out;
   }

diff --git a/lib/smtp.c b/lib/smtp.c
index 36f07ebadd4a56150c35e0421453dcbb71410767..cbaf482e9f08bb8baf91bba0321a4104fb07e0aa 100644 (file)
--- a/lib/smtp.c
+++ b/lib/smtp.c
@@ -399,7 +399,7 @@ static CURLcode smtp_perform_upgrade_tls(struct Curl_easy *data)
   CURLcode result;
 
   if(!Curl_ssl_conn_is_ssl(data, FIRSTSOCKET)) {
-    result = Curl_ssl_cfilter_add(data, FIRSTSOCKET);
+    result = Curl_ssl_cfilter_add(data, conn, FIRSTSOCKET);
     if(result)
       goto out;
   }

diff --git a/lib/socks.c b/lib/socks.c
index e0b1735a63cb4ef2f476716f0e1c6de1794d7380..ebce083c6826f8045457904770fd4abc49f0a3dd 100644 (file)
--- a/lib/socks.c
+++ b/lib/socks.c
@@ -1245,6 +1245,7 @@ static const struct Curl_cftype cft_socks_proxy = {
 };
 
 CURLcode Curl_conn_socks_proxy_add(struct Curl_easy *data,
+                                   struct connectdata *conn,
                                    int sockindex)
 {
   struct Curl_cfilter *cf;
@@ -1252,7 +1253,7 @@ CURLcode Curl_conn_socks_proxy_add(struct Curl_easy *data,
 
   result = Curl_cf_create(&cf, &cft_socks_proxy, NULL);
   if(!result)
-    Curl_conn_cf_add(data, sockindex, cf);
+    Curl_conn_cf_add(data, conn, sockindex, cf);
   return result;
 }
 

diff --git a/lib/socks.h b/lib/socks.h
index ddbb07cd75780a23026e0d265955d122874c18b6..2e2fa18f810ece986689571b77af3e3623a58cad 100644 (file)
--- a/lib/socks.h
+++ b/lib/socks.h
@@ -52,6 +52,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
 #endif
 
 CURLcode Curl_conn_socks_proxy_add(struct Curl_easy *data,
+                                   struct connectdata *conn,
                                    int sockindex);
 
 #endif /* CURL_DISABLE_PROXY */

diff --git a/lib/url.c b/lib/url.c
index 719bbeda53c1fd2bac18cbc1013aed3a4a8b6956..74201f9bb54e0a56c8cdcc05096f666c02b92658 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -4041,7 +4041,7 @@ CURLcode Curl_setup_conn(struct Curl_easy *data,
      is later set again for the progress meter purpose */
   conn->now = Curl_now();
   if(!conn->bits.reuse)
-    result = Curl_conn_setup(data, FIRSTSOCKET, conn->dns_entry,
+    result = Curl_conn_setup(data, conn, FIRSTSOCKET, conn->dns_entry,
                              CURL_CF_SSL_DEFAULT);
   /* not sure we need this flag to be passed around any more */
   *protocol_done = FALSE;

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index 9ab54c6c30760ec716d7ad8218e2f9306fefd695..197624632d2dc9ee97de1f4162c97d34bfbcfeef 100644 (file)
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -1462,6 +1462,7 @@ static void reinit_hostname(struct Curl_cfilter *cf)
       connssl->port = (int)cf->conn->remote_port;
     }
   }
+  DEBUGASSERT(connssl->hostname);
 }
 
 static void ssl_cf_destroy(struct Curl_cfilter *cf, struct Curl_easy *data)
@@ -1504,17 +1505,20 @@ static CURLcode ssl_cf_connect(struct Curl_cfilter *cf,
   }
 
   (void)connssl;
+  DEBUGASSERT(data->conn);
+  DEBUGASSERT(data->conn == cf->conn);
   DEBUGASSERT(connssl);
-  /* TODO: right now we do not fully control when hostname is set, but
-   * copy it over again on each connect call. Esp. secondary chains seems
-   * to set it after the filters have been added */
-  reinit_hostname(cf);
+  DEBUGASSERT(cf->conn->host.name);
 
   result = cf->next->cft->connect(cf->next, data, blocking, done);
   if(result || !*done)
     return result;
 
+  /* TODO: right now we do not fully control when hostname is set,
+   * assign it on each connect call. */
+  reinit_hostname(cf);
   *done = FALSE;
+
   if(blocking) {
     result = ssl_connect(cf, data);
     *done = (result == CURLE_OK);
@@ -1628,6 +1632,7 @@ static const struct Curl_cftype cft_ssl_proxy = {
 };
 
 CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
+                              struct connectdata *conn,
                               int sockindex)
 {
   struct Curl_cfilter *cf;
@@ -1645,9 +1650,8 @@ CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
   if(result)
     goto out;
 
-  Curl_conn_cf_add(data, sockindex, cf);
+  Curl_conn_cf_add(data, conn, sockindex, cf);
 
-  reinit_hostname(cf);
   result = CURLE_OK;
 
 out:
@@ -1658,6 +1662,7 @@ out:
 
 #ifndef CURL_DISABLE_PROXY
 CURLcode Curl_ssl_cfilter_proxy_add(struct Curl_easy *data,
+                                    struct connectdata *conn,
                                     int sockindex)
 {
   struct Curl_cfilter *cf;
@@ -1674,9 +1679,8 @@ CURLcode Curl_ssl_cfilter_proxy_add(struct Curl_easy *data,
   if(result)
     goto out;
 
-  Curl_conn_cf_add(data, sockindex, cf);
+  Curl_conn_cf_add(data, conn, sockindex, cf);
 
-  reinit_hostname(cf);
   result = CURLE_OK;
 
 out:
@@ -1793,7 +1797,7 @@ Curl_ssl_get_config(struct Curl_easy *data, int sockindex)
   (void)data;
   DEBUGASSERT(data->conn);
   cf = get_ssl_cf_engaged(data->conn, sockindex);
-  return cf? Curl_ssl_cf_get_config(cf, data) : NULL;
+  return cf? Curl_ssl_cf_get_config(cf, data) : &data->set.ssl;
 }
 
 struct ssl_primary_config *

diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h
index 17c377095de56a953f0f7245823e5ec233f322b4..a3601babde5584cdb93a5de1defbc5b9f844c6d8 100644 (file)
--- a/lib/vtls/vtls.h
+++ b/lib/vtls/vtls.h
@@ -153,6 +153,7 @@ void Curl_free_multi_ssl_backend_data(struct multi_ssl_backend_data *mbackend);
 #define SSL_SHUTDOWN_TIMEOUT 10000 /* ms */
 
 CURLcode Curl_ssl_cfilter_add(struct Curl_easy *data,
+                              struct connectdata *conn,
                               int sockindex);
 
 CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data,
@@ -160,6 +161,7 @@ CURLcode Curl_ssl_cfilter_remove(struct Curl_easy *data,
 
 #ifndef CURL_DISABLE_PROXY
 CURLcode Curl_ssl_cfilter_proxy_add(struct Curl_easy *data,
+                                    struct connectdata *conn,
                                     int sockindex);
 #endif /* !CURL_DISABLE_PROXY */
 
@@ -239,8 +241,8 @@ bool Curl_ssl_use(struct connectdata *conn, int sockindex);
 #define Curl_ssl_get_backend_data_size(a) 0
 #define Curl_ssl_use(a,b) FALSE
 #define Curl_ssl_conn_is_ssl(a,b) FALSE
-#define Curl_ssl_cfilter_add(a,b) CURLE_NOT_BUILT_IN
-#define Curl_ssl_cfilter_proxy_add(a,b) CURLE_NOT_BUILT_IN
+#define Curl_ssl_cfilter_add(a,b,c) CURLE_NOT_BUILT_IN
+#define Curl_ssl_cfilter_proxy_add(a,b,c) CURLE_NOT_BUILT_IN
 #define Curl_ssl_get_config(a,b) NULL
 #define Curl_ssl_cfilter_remove(a,b) CURLE_OK
 #endif