diff options
| -rw-r--r-- | src/libwaitress/waitress.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c index 69c4d3a..851fa23 100644 --- a/src/libwaitress/waitress.c +++ b/src/libwaitress/waitress.c @@ -790,10 +790,18 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) { char buf[256]; size_t size; snprintf (buf, sizeof (buf), "CONNECT %s:%s HTTP/" - WAITRESS_HTTP_VERSION "\r\n\r\n", + WAITRESS_HTTP_VERSION "\r\n", waith->url.host, WaitressDefaultPort (&waith->url)); WaitressOrdinaryWrite (waith, buf, strlen (buf)); + /* write authorization headers */ + if (WaitressFormatAuthorization (waith, &waith->proxy, "Proxy-", + buf, WAITRESS_BUFFER_SIZE)) { + WaitressOrdinaryWrite (waith, buf, strlen (buf)); + } + + WaitressOrdinaryWrite (waith, "\r\n", 2); + WaitressOrdinaryRead (waith, buf, sizeof (buf)-1, &size); buf[size] = 0; if (WaitressParseStatusline (buf) != 200) { @@ -867,7 +875,9 @@ static WaitressReturn_t WaitressSendRequest (WaitressHandle_t *waith) { WAITRESS_BUFFER_SIZE)) { WRITE_RET (buf, strlen (buf)); } - if (WaitressFormatAuthorization (waith, &waith->proxy, "Proxy-", + /* don't leak proxy credentials to destination server if tls is used */ + if (!waith->url.tls && + WaitressFormatAuthorization (waith, &waith->proxy, "Proxy-", buf, WAITRESS_BUFFER_SIZE)) { WRITE_RET (buf, strlen (buf)); } |