On 2017-04-05 15:50, Ævar Arnfjörð Bjarmason wrote: > This effectively disables that code & this later check: > > + if (results->http_connectcode == 407) > + credential_reject(&proxy_auth); > > What's the impact of not taking that branch when the proxy returns a 407? We might be storing incorrect proxy credentials via the credential helper. If we can't get the proxy's connect code, we should probably invalidate proxy credentials whenever http_code indicates failure, since that's the only effect we'll see of a mistyped proxy password.