From 826f08af2e010c30063cbb29dc529cb8992b6b86 Mon Sep 17 00:00:00 2001
From: Michał Cichoń <thedmd@interia.pl>
Date: Sat, 12 Nov 2011 14:22:42 +0100
Subject: waitress: Add proxy authorization support again

Original patch slightly adjusted.
---
 src/libwaitress/waitress.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/libwaitress/waitress.c b/src/libwaitress/waitress.c
index 69c4d3a..851fa23 100644
--- a/src/libwaitress/waitress.c
+++ b/src/libwaitress/waitress.c
@@ -790,10 +790,18 @@ static WaitressReturn_t WaitressConnect (WaitressHandle_t *waith) {
 			char buf[256];
 			size_t size;
 			snprintf (buf, sizeof (buf), "CONNECT %s:%s HTTP/"
-					WAITRESS_HTTP_VERSION "\r\n\r\n",
+					WAITRESS_HTTP_VERSION "\r\n",
 					waith->url.host, WaitressDefaultPort (&waith->url));
 			WaitressOrdinaryWrite (waith, buf, strlen (buf));
 
+			/* write authorization headers */
+			if (WaitressFormatAuthorization (waith, &waith->proxy, "Proxy-",
+					buf, WAITRESS_BUFFER_SIZE)) {
+				WaitressOrdinaryWrite (waith, buf, strlen (buf));
+			}
+
+			WaitressOrdinaryWrite (waith, "\r\n", 2);
+
 			WaitressOrdinaryRead (waith, buf, sizeof (buf)-1, &size);
 			buf[size] = 0;
 			if (WaitressParseStatusline (buf) != 200) {
@@ -867,7 +875,9 @@ static WaitressReturn_t WaitressSendRequest (WaitressHandle_t *waith) {
 			WAITRESS_BUFFER_SIZE)) {
 		WRITE_RET (buf, strlen (buf));
 	}
-	if (WaitressFormatAuthorization (waith, &waith->proxy, "Proxy-",
+	/* don't leak proxy credentials to destination server if tls is used */
+	if (!waith->url.tls &&
+			WaitressFormatAuthorization (waith, &waith->proxy, "Proxy-",
 			buf, WAITRESS_BUFFER_SIZE)) {
 		WRITE_RET (buf, strlen (buf));
 	}
-- 
cgit v1.2.3