From 74a299eef7e23f28b2b74c4dd1ef4e1132270dbb Mon Sep 17 00:00:00 2001
From: Karl Seguin
Date: Mon, 7 Jul 2025 11:03:04 +0800
Subject: [PATCH 1/3] Fix non-tls forward-proxy
---
 src/http/client.zig | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/http/client.zig b/src/http/client.zig
index 462a26e7f..c3dbb41bd 100644
--- a/src/http/client.zig
+++ b/src/http/client.zig
@@ -236,7 +236,7 @@ pub const Client = struct {
 return proxy_type == .connect;
 }
- fn isSimpleProxy(self: *const Client) bool {
+ fn isForwardProxy(self: *const Client) bool {
 const proxy_type = self.proxy_type orelse return false;
 return proxy_type == .forward;
 }
@@ -711,7 +711,7 @@ pub const Request = struct {
 }
 }
 }
- if (self._request_secure and !self._proxy_secure) {
+ if (self._request_secure and !self._proxy_secure and !self._client.isForwardProxy()) {
 self._connection.?.tls = .{
 .blocking = try tls.client(std.net.Stream{ .handle = socket }, tls_config),
 };
@@ -851,7 +851,7 @@ pub const Request = struct {
 try self.headers.append(arena, .{ .name = "User-Agent", .value = "Lightpanda/1.0" });
 try self.headers.append(arena, .{ .name = "Accept", .value = "*/*" });
- if (self._client.isSimpleProxy()) {
+ if (self._client.isForwardProxy()) {
 if (self._client.proxy_auth) |proxy_auth| {
 try self.headers.append(arena, .{ .name = "Proxy-Authorization", .value = proxy_auth });
 }
@@ -934,7 +934,7 @@ pub const Request = struct {
 }
 // A simple http proxy to an https destination is made into tls by the proxy, we see it as a plain connection
- const expect_tls = self._proxy_secure or (self._request_secure and !self._client.isSimpleProxy());
+ const expect_tls = self._proxy_secure or (self._request_secure and !self._client.isForwardProxy());
 return self._client.connection_manager.get(expect_tls, self._connect_host, self._connect_port, blocking);
 }
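Review bot: In the `@@ -711,7 +711,7` hunk of patch 1/3, an https request routed through a forward proxy that is not itself TLS now skips `tls.client` entirely, so the request leaves this client unencrypted (presumably together with the `Proxy-Authorization` header appended in the `@@ -851` hunk) and origin-certificate checking is apparently left to the proxy. That agrees with the comment in the `@@ -934` hunk, but nothing at the condition itself says the plaintext leg is deliberate; I would add `// forward proxy without TLS: the proxy originates TLS to the origin, this leg stays plaintext` above the `if`, and consider a warning log when `_request_secure` is set on this path so operators can see it. The same line is restored by the revert in patch 3/3, so the point applies there too. The enclosing function starts and ends outside the hunk.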
@@ -958,7 +958,7 @@ pub const Request = struct {
 }
 fn buildHeader(self: *Request) ![]const u8 {
- const proxied = self._client.isSimpleProxy();
+ const proxied = self._client.isForwardProxy();
 const buf = self._state.header_buf;
 var fbs = std.io.fixedBufferStream(buf);
From b6132f24975027f9c07e3ad4d9b7d0c62552b428 Mon Sep 17 00:00:00 2001
From: Karl Seguin
Date: Mon, 7 Jul 2025 19:56:21 +0800
Subject: [PATCH 2/3] fix secure connection logic
---
 src/http/client.zig | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/http/client.zig b/src/http/client.zig
index c3dbb41bd..bbdb98768 100644
--- a/src/http/client.zig
+++ b/src/http/client.zig
@@ -711,7 +711,12 @@ pub const Request = struct {
 }
 }
 }
- if (self._request_secure and !self._proxy_secure and !self._client.isForwardProxy()) {
+
+
+ if (
+ (self._request_secure and !self._proxy_secure) and
+ (!self._client.isForwardProxy() or self._proxy_secure)
+ ) {
 self._connection.?.tls = .{
 .blocking = try tls.client(std.net.Stream{ .handle = socket }, tls_config),
 };
From 38bbad6e8810d864fb421c48f194a5f43820e6b7 Mon Sep 17 00:00:00 2001
From: Karl Seguin
Date: Tue, 8 Jul 2025 09:33:53 +0800
Subject: [PATCH 3/3] Revert "fix secure connection logic"
This reverts commit b6132f24975027f9c07e3ad4d9b7d0c62552b428.
---
 src/http/client.zig | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/src/http/client.zig b/src/http/client.zig
index bbdb98768..c3dbb41bd 100644
--- a/src/http/client.zig
+++ b/src/http/client.zig
@@ -711,12 +711,7 @@ pub const Request = struct {
 }
 }
 }
-
-
- if (
- (self._request_secure and !self._proxy_secure) and
- (!self._client.isForwardProxy() or self._proxy_secure)
- ) {
+ if (self._request_secure and !self._proxy_secure and !self._client.isForwardProxy()) {
 self._connection.?.tls = .{
 .blocking = try tls.client(std.net.Stream{ .handle = socket }, tls_config),
 };
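Review bot: The rewritten condition in patch 2/3's `@@ -711,7 +711,12` hunk is logically identical to the one it replaces: the first group already requires `!self._proxy_secure`, so `or self._proxy_secure` in the second group can never be true and the test reduces to `_request_secure and !_proxy_secure and !isForwardProxy()`. If the intent was to cover an https request through a TLS forward proxy, that case still skips this block, and where the proxy-leg TLS is established is not visible in the hunk. Patch 3/3 reverts this commit, which loses no behaviour, but the TLS decision would be easier to audit as a small named helper with one comment per proxy mode than as an inline boolean. The enclosing function starts and ends outside the hunk.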