Git has been taught to support an https:// used for http.proxy when using recent versions of libcurl. To use https proxy with self-signed certs, we need a way to unset CURLOPT_PROXY_SSL_VERIFYPEER and CURLOPT_PROXY_SSL_VERIFYHOST just like direct SSL connection. This is required if we want use t/lib-httpd to test proxy. In this patch I reuse http.sslverify to do this, do we need an independent option like http.sslproxyverify? To fully support https proxy, we also need ways to set more options such as CURLOPT_PROXY_SSLCERT. However, I'm not sure if we need to support them. Signed-off-by: Wei Shuyu <wsy@xxxxxxxxxx> --- http.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/http.c b/http.c index 215bebef1..d8a5e48f0 100644 --- a/http.c +++ b/http.c @@ -708,6 +708,10 @@ static CURL *get_curl_handle(void) if (!curl_ssl_verify) { curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 0); curl_easy_setopt(result, CURLOPT_SSL_VERIFYHOST, 0); +#if LIBCURL_VERSION_NUM >= 0x073400 + curl_easy_setopt(result, CURLOPT_PROXY_SSL_VERIFYPEER, 0); + curl_easy_setopt(result, CURLOPT_PROXY_SSL_VERIFYHOST, 0); +#endif } else { /* Verify authenticity of the peer's certificate */ curl_easy_setopt(result, CURLOPT_SSL_VERIFYPEER, 1); @@ -865,6 +869,11 @@ static CURL *get_curl_handle(void) else if (starts_with(curl_http_proxy, "socks")) curl_easy_setopt(result, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS4); +#endif +#if LIBCURL_VERSION_NUM >= 0x073400 + else if (starts_with(curl_http_proxy, "https")) + curl_easy_setopt(result, + CURLOPT_PROXYTYPE, CURLPROXY_HTTPS); #endif if (strstr(curl_http_proxy, "://")) credential_from_url(&proxy_auth, curl_http_proxy); -- 2.15.1