diff --git a/curl-sys/lib.rs b/curl-sys/lib.rs index fef1a01f6..5927244cc 100644 --- a/curl-sys/lib.rs +++ b/curl-sys/lib.rs @@ -377,6 +377,7 @@ pub const CURLOPTTYPE_OBJECTPOINT: CURLoption = 10_000; pub const CURLOPTTYPE_FUNCTIONPOINT: CURLoption = 20_000; pub const CURLOPTTYPE_OFF_T: CURLoption = 30_000; pub const CURLOPTTYPE_BLOB: CURLoption = 40_000; +const CURLOPTTYPE_VALUES: CURLoption = CURLOPTTYPE_LONG; pub const CURLOPT_FILE: CURLoption = CURLOPTTYPE_OBJECTPOINT + 1; pub const CURLOPT_URL: CURLoption = CURLOPTTYPE_OBJECTPOINT + 2; @@ -592,8 +593,17 @@ pub const CURLOPT_PIPEWAIT: CURLoption = CURLOPTTYPE_LONG + 237; pub const CURLOPT_CONNECT_TO: CURLoption = CURLOPTTYPE_OBJECTPOINT + 243; pub const CURLOPT_PROXY_CAINFO: CURLoption = CURLOPTTYPE_OBJECTPOINT + 246; pub const CURLOPT_PROXY_CAPATH: CURLoption = CURLOPTTYPE_OBJECTPOINT + 247; +pub const CURLOPT_PROXY_SSL_VERIFYPEER: CURLoption = CURLOPTTYPE_LONG + 248; +pub const CURLOPT_PROXY_SSL_VERIFYHOST: CURLoption = CURLOPTTYPE_LONG + 249; +pub const CURLOPT_PROXY_SSLVERSION: CURLoption = CURLOPTTYPE_VALUES + 250; pub const CURLOPT_PROXY_SSLCERT: CURLoption = CURLOPTTYPE_OBJECTPOINT + 254; +pub const CURLOPT_PROXY_SSLCERTTYPE: CURLoption = CURLOPTTYPE_OBJECTPOINT + 255; pub const CURLOPT_PROXY_SSLKEY: CURLoption = CURLOPTTYPE_OBJECTPOINT + 256; +pub const CURLOPT_PROXY_SSLKEYTYPE: CURLoption = CURLOPTTYPE_OBJECTPOINT + 257; +pub const CURLOPT_PROXY_KEYPASSWD: CURLoption = CURLOPTTYPE_OBJECTPOINT + 258; +pub const CURLOPT_PROXY_SSL_CIPHER_LIST: CURLoption = CURLOPTTYPE_OBJECTPOINT + 259; +pub const CURLOPT_PROXY_CRLFILE: CURLoption = CURLOPTTYPE_OBJECTPOINT + 260; +pub const CURLOPT_PROXY_SSL_OPTIONS: CURLoption = CURLOPTTYPE_LONG + 261; pub const CURLOPT_DOH_URL: CURLoption = CURLOPTTYPE_OBJECTPOINT + 279; pub const CURLOPT_UPLOAD_BUFFERSIZE: CURLoption = CURLOPTTYPE_LONG + 280; @@ -608,12 +618,16 @@ pub const CURLOPT_PROXY_SSLCERT_BLOB: CURLoption = CURLOPTTYPE_BLOB + 293; pub const CURLOPT_PROXY_SSLKEY_BLOB: CURLoption = CURLOPTTYPE_BLOB + 294; pub const CURLOPT_ISSUERCERT_BLOB: CURLoption = CURLOPTTYPE_BLOB + 295; +pub const CURLOPT_PROXY_ISSUERCERT: CURLoption = CURLOPTTYPE_OBJECTPOINT + 296; +pub const CURLOPT_PROXY_ISSUERCERT_BLOB: CURLoption = CURLOPTTYPE_BLOB + 297; + pub const CURLOPT_AWS_SIGV4: CURLoption = CURLOPTTYPE_OBJECTPOINT + 305; pub const CURLOPT_DOH_SSL_VERIFYPEER: CURLoption = CURLOPTTYPE_LONG + 306; pub const CURLOPT_DOH_SSL_VERIFYHOST: CURLoption = CURLOPTTYPE_LONG + 307; pub const CURLOPT_DOH_SSL_VERIFYSTATUS: CURLoption = CURLOPTTYPE_LONG + 308; pub const CURLOPT_CAINFO_BLOB: CURLoption = CURLOPTTYPE_BLOB + 309; +pub const CURLOPT_PROXY_CAINFO_BLOB: CURLoption = CURLOPTTYPE_BLOB + 310; pub const CURL_IPRESOLVE_WHATEVER: c_int = 0; pub const CURL_IPRESOLVE_V4: c_int = 1; diff --git a/src/easy/handle.rs b/src/easy/handle.rs index b109adc96..fb18e0270 100644 --- a/src/easy/handle.rs +++ b/src/easy/handle.rs @@ -593,6 +593,11 @@ impl Easy { self.inner.proxy_sslcert(sslcert) } + /// Same as [`Easy2::proxy_sslcert_type`](struct.Easy2.html#method.proxy_sslcert_type) + pub fn proxy_sslcert_type(&mut self, kind: &str) -> Result<(), Error> { + self.inner.proxy_sslcert_type(kind) + } + /// Same as [`Easy2::proxy_sslcert_blob`](struct.Easy2.html#method.proxy_sslcert_blob) pub fn proxy_sslcert_blob(&mut self, blob: &[u8]) -> Result<(), Error> { self.inner.proxy_sslcert_blob(blob) @@ -603,11 +608,21 @@ impl Easy { self.inner.proxy_sslkey(sslkey) } + /// Same as [`Easy2::proxy_sslkey_type`](struct.Easy2.html#method.proxy_sslkey_type) + pub fn proxy_sslkey_type(&mut self, kind: &str) -> Result<(), Error> { + self.inner.proxy_sslkey_type(kind) + } + /// Same as [`Easy2::proxy_sslkey_blob`](struct.Easy2.html#method.proxy_sslkey_blob) pub fn proxy_sslkey_blob(&mut self, blob: &[u8]) -> Result<(), Error> { self.inner.proxy_sslkey_blob(blob) } + /// Same as [`Easy2::proxy_key_password`](struct.Easy2.html#method.proxy_key_password) + pub fn proxy_key_password(&mut self, password: &str) -> Result<(), Error> { + self.inner.proxy_key_password(password) + } + /// Same as [`Easy2::proxy_type`](struct.Easy2.html#method.proxy_type) pub fn proxy_type(&mut self, kind: ProxyType) -> Result<(), Error> { self.inner.proxy_type(kind) @@ -1028,6 +1043,11 @@ impl Easy { self.inner.ssl_cainfo_blob(blob) } + /// Same as [`Easy2::proxy_ssl_cainfo_blob`](struct.Easy2.html#method.proxy_ssl_cainfo_blob) + pub fn proxy_ssl_cainfo_blob(&mut self, blob: &[u8]) -> Result<(), Error> { + self.inner.proxy_ssl_cainfo_blob(blob) + } + /// Same as [`Easy2::ssl_engine`](struct.Easy2.html#method.ssl_engine) pub fn ssl_engine(&mut self, engine: &str) -> Result<(), Error> { self.inner.ssl_engine(engine) @@ -1048,6 +1068,11 @@ impl Easy { self.inner.ssl_version(version) } + /// Same as [`Easy2::proxy_ssl_version`](struct.Easy2.html#method.proxy_ssl_version) + pub fn proxy_ssl_version(&mut self, version: SslVersion) -> Result<(), Error> { + self.inner.proxy_ssl_version(version) + } + /// Same as [`Easy2::ssl_min_max_version`](struct.Easy2.html#method.ssl_min_max_version) pub fn ssl_min_max_version( &mut self, @@ -1057,16 +1082,36 @@ impl Easy { self.inner.ssl_min_max_version(min_version, max_version) } + /// Same as [`Easy2::proxy_ssl_min_max_version`](struct.Easy2.html#method.proxy_ssl_min_max_version) + pub fn proxy_ssl_min_max_version( + &mut self, + min_version: SslVersion, + max_version: SslVersion, + ) -> Result<(), Error> { + self.inner + .proxy_ssl_min_max_version(min_version, max_version) + } + /// Same as [`Easy2::ssl_verify_host`](struct.Easy2.html#method.ssl_verify_host) pub fn ssl_verify_host(&mut self, verify: bool) -> Result<(), Error> { self.inner.ssl_verify_host(verify) } + /// Same as [`Easy2::proxy_ssl_verify_host`](struct.Easy2.html#method.proxy_ssl_verify_host) + pub fn proxy_ssl_verify_host(&mut self, verify: bool) -> Result<(), Error> { + self.inner.proxy_ssl_verify_host(verify) + } + /// Same as [`Easy2::ssl_verify_peer`](struct.Easy2.html#method.ssl_verify_peer) pub fn ssl_verify_peer(&mut self, verify: bool) -> Result<(), Error> { self.inner.ssl_verify_peer(verify) } + /// Same as [`Easy2::proxy_ssl_verify_peer`](struct.Easy2.html#method.proxy_ssl_verify_peer) + pub fn proxy_ssl_verify_peer(&mut self, verify: bool) -> Result<(), Error> { + self.inner.proxy_ssl_verify_peer(verify) + } + /// Same as [`Easy2::cainfo`](struct.Easy2.html#method.cainfo) pub fn cainfo>(&mut self, path: P) -> Result<(), Error> { self.inner.cainfo(path) @@ -1077,11 +1122,21 @@ impl Easy { self.inner.issuer_cert(path) } + /// Same as [`Easy2::proxy_issuer_cert`](struct.Easy2.html#method.proxy_issuer_cert) + pub fn proxy_issuer_cert>(&mut self, path: P) -> Result<(), Error> { + self.inner.proxy_issuer_cert(path) + } + /// Same as [`Easy2::issuer_cert_blob`](struct.Easy2.html#method.issuer_cert_blob) pub fn issuer_cert_blob(&mut self, blob: &[u8]) -> Result<(), Error> { self.inner.issuer_cert_blob(blob) } + /// Same as [`Easy2::proxy_issuer_cert_blob`](struct.Easy2.html#method.proxy_issuer_cert_blob) + pub fn proxy_issuer_cert_blob(&mut self, blob: &[u8]) -> Result<(), Error> { + self.inner.proxy_issuer_cert_blob(blob) + } + /// Same as [`Easy2::capath`](struct.Easy2.html#method.capath) pub fn capath>(&mut self, path: P) -> Result<(), Error> { self.inner.capath(path) @@ -1092,6 +1147,11 @@ impl Easy { self.inner.crlfile(path) } + /// Same as [`Easy2::proxy_crlfile`](struct.Easy2.html#method.proxy_crlfile) + pub fn proxy_crlfile>(&mut self, path: P) -> Result<(), Error> { + self.inner.proxy_crlfile(path) + } + /// Same as [`Easy2::certinfo`](struct.Easy2.html#method.certinfo) pub fn certinfo(&mut self, enable: bool) -> Result<(), Error> { self.inner.certinfo(enable) @@ -1112,6 +1172,11 @@ impl Easy { self.inner.ssl_cipher_list(ciphers) } + /// Same as [`Easy2::proxy_ssl_cipher_list`](struct.Easy2.html#method.proxy_ssl_cipher_list) + pub fn proxy_ssl_cipher_list(&mut self, ciphers: &str) -> Result<(), Error> { + self.inner.proxy_ssl_cipher_list(ciphers) + } + /// Same as [`Easy2::ssl_sessionid_cache`](struct.Easy2.html#method.ssl_sessionid_cache) pub fn ssl_sessionid_cache(&mut self, enable: bool) -> Result<(), Error> { self.inner.ssl_sessionid_cache(enable) @@ -1122,6 +1187,11 @@ impl Easy { self.inner.ssl_options(bits) } + /// Same as [`Easy2::proxy_ssl_options`](struct.Easy2.html#method.proxy_ssl_options) + pub fn proxy_ssl_options(&mut self, bits: &SslOpt) -> Result<(), Error> { + self.inner.proxy_ssl_options(bits) + } + /// Same as [`Easy2::pinned_public_key`](struct.Easy2.html#method.pinned_public_key) pub fn pinned_public_key(&mut self, pubkey: &str) -> Result<(), Error> { self.inner.pinned_public_key(pubkey) diff --git a/src/easy/handler.rs b/src/easy/handler.rs index 5ace28bab..b90a968d3 100644 --- a/src/easy/handler.rs +++ b/src/easy/handler.rs @@ -935,6 +935,20 @@ impl Easy2 { self.setopt_str(curl_sys::CURLOPT_PROXY_SSLCERT, &sslcert) } + /// Specify type of the client SSL certificate for HTTPS proxy. + /// + /// The string should be the format of your certificate. Supported formats + /// are "PEM" and "DER", except with Secure Transport. OpenSSL (versions + /// 0.9.3 and later) and Secure Transport (on iOS 5 or later, or OS X 10.7 + /// or later) also support "P12" for PKCS#12-encoded files. + /// + /// By default this option is "PEM" and corresponds to + /// `CURLOPT_PROXY_SSLCERTTYPE`. + pub fn proxy_sslcert_type(&mut self, kind: &str) -> Result<(), Error> { + let kind = CString::new(kind)?; + self.setopt_str(curl_sys::CURLOPT_PROXY_SSLCERTTYPE, &kind) + } + /// Set the client certificate for the proxy using an in-memory blob. /// /// The specified byte buffer should contain the binary content of the @@ -955,7 +969,25 @@ impl Easy2 { self.setopt_str(curl_sys::CURLOPT_PROXY_SSLKEY, &sslkey) } - /// Set the pricate key for the proxy using an in-memory blob. + /// Set type of the private key file for HTTPS proxy. + /// + /// The string should be the format of your private key. Supported formats + /// are "PEM", "DER" and "ENG". + /// + /// The format "ENG" enables you to load the private key from a crypto + /// engine. In this case `ssl_key` is used as an identifier passed to + /// the engine. You have to set the crypto engine with `ssl_engine`. + /// "DER" format key file currently does not work because of a bug in + /// OpenSSL. + /// + /// By default this option is "PEM" and corresponds to + /// `CURLOPT_PROXY_SSLKEYTYPE`. + pub fn proxy_sslkey_type(&mut self, kind: &str) -> Result<(), Error> { + let kind = CString::new(kind)?; + self.setopt_str(curl_sys::CURLOPT_PROXY_SSLKEYTYPE, &kind) + } + + /// Set the private key for the proxy using an in-memory blob. /// /// The specified byte buffer should contain the binary content of the /// private key, which will be copied into the handle. @@ -966,6 +998,19 @@ impl Easy2 { self.setopt_blob(curl_sys::CURLOPT_PROXY_SSLKEY_BLOB, blob) } + /// Set passphrase to private key for HTTPS proxy. + /// + /// This will be used as the password required to use the `ssl_key`. + /// You never needed a pass phrase to load a certificate but you need one to + /// load your private key. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_KEYPASSWD`. + pub fn proxy_key_password(&mut self, password: &str) -> Result<(), Error> { + let password = CString::new(password)?; + self.setopt_str(curl_sys::CURLOPT_PROXY_KEYPASSWD, &password) + } + /// Indicates the type of proxy being used. /// /// By default this option is `ProxyType::Http` and corresponds to @@ -2202,6 +2247,19 @@ impl Easy2 { self.setopt_blob(curl_sys::CURLOPT_CAINFO_BLOB, blob) } + /// Set the SSL Certificate Authorities for HTTPS proxies using an in-memory + /// blob. + /// + /// The specified byte buffer should contain the binary content of one + /// or more PEM-encoded CA certificates, which will be copied into + /// the handle. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_CAINFO_BLOB`. + pub fn proxy_ssl_cainfo_blob(&mut self, blob: &[u8]) -> Result<(), Error> { + self.setopt_blob(curl_sys::CURLOPT_PROXY_CAINFO_BLOB, blob) + } + /// Set the SSL engine identifier. /// /// This will be used as the identifier for the crypto engine you want to @@ -2251,6 +2309,14 @@ impl Easy2 { self.setopt_long(curl_sys::CURLOPT_SSLVERSION, version as c_long) } + /// Set preferred TLS/SSL version when connecting to an HTTPS proxy. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_SSLVERSION`. + pub fn proxy_ssl_version(&mut self, version: SslVersion) -> Result<(), Error> { + self.setopt_long(curl_sys::CURLOPT_PROXY_SSLVERSION, version as c_long) + } + /// Set preferred TLS/SSL version with minimum version and maximum version. /// /// By default this option is not set and corresponds to @@ -2264,6 +2330,20 @@ impl Easy2 { self.setopt_long(curl_sys::CURLOPT_SSLVERSION, version) } + /// Set preferred TLS/SSL version with minimum version and maximum version + /// when connecting to an HTTPS proxy. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_SSLVERSION`. + pub fn proxy_ssl_min_max_version( + &mut self, + min_version: SslVersion, + max_version: SslVersion, + ) -> Result<(), Error> { + let version = (min_version as c_long) | ((max_version as c_long) << 16); + self.setopt_long(curl_sys::CURLOPT_PROXY_SSLVERSION, version) + } + /// Verify the certificate's name against host. /// /// This should be disabled with great caution! It basically disables the @@ -2276,6 +2356,18 @@ impl Easy2 { self.setopt_long(curl_sys::CURLOPT_SSL_VERIFYHOST, val) } + /// Verify the certificate's name against host for HTTPS proxy. + /// + /// This should be disabled with great caution! It basically disables the + /// security features of SSL if it is disabled. + /// + /// By default this option is set to `true` and corresponds to + /// `CURLOPT_PROXY_SSL_VERIFYHOST`. + pub fn proxy_ssl_verify_host(&mut self, verify: bool) -> Result<(), Error> { + let val = if verify { 2 } else { 0 }; + self.setopt_long(curl_sys::CURLOPT_PROXY_SSL_VERIFYHOST, val) + } + /// Verify the peer's SSL certificate. /// /// This should be disabled with great caution! It basically disables the @@ -2287,6 +2379,17 @@ impl Easy2 { self.setopt_long(curl_sys::CURLOPT_SSL_VERIFYPEER, verify as c_long) } + /// Verify the peer's SSL certificate for HTTPS proxy. + /// + /// This should be disabled with great caution! It basically disables the + /// security features of SSL if it is disabled. + /// + /// By default this option is set to `true` and corresponds to + /// `CURLOPT_PROXY_SSL_VERIFYPEER`. + pub fn proxy_ssl_verify_peer(&mut self, verify: bool) -> Result<(), Error> { + self.setopt_long(curl_sys::CURLOPT_PROXY_SSL_VERIFYPEER, verify as c_long) + } + // /// Verify the certificate's status. // /// // /// This option determines whether libcurl verifies the status of the server @@ -2326,8 +2429,8 @@ impl Easy2 { /// specific branch of the tree. /// /// This option makes sense only when used in combination with the - /// `ssl_verify_peer` option. Otherwise, the result of the check is not - /// considered as failure. + /// [`Easy2::ssl_verify_peer`] option. Otherwise, the result of the check is + /// not considered as failure. /// /// By default this option is not set and corresponds to /// `CURLOPT_ISSUERCERT`. @@ -2335,6 +2438,25 @@ impl Easy2 { self.setopt_path(curl_sys::CURLOPT_ISSUERCERT, path.as_ref()) } + /// Set the issuer SSL certificate filename for HTTPS proxies + /// + /// Specifies a file holding a CA certificate in PEM format. If the option + /// is set, an additional check against the peer certificate is performed to + /// verify the issuer is indeed the one associated with the certificate + /// provided by the option. This additional check is useful in multi-level + /// PKI where one needs to enforce that the peer certificate is from a + /// specific branch of the tree. + /// + /// This option makes sense only when used in combination with the + /// [`Easy2::proxy_ssl_verify_peer`] option. Otherwise, the result of the + /// check is not considered as failure. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_ISSUERCERT`. + pub fn proxy_issuer_cert>(&mut self, path: P) -> Result<(), Error> { + self.setopt_path(curl_sys::CURLOPT_PROXY_ISSUERCERT, path.as_ref()) + } + /// Set the issuer SSL certificate using an in-memory blob. /// /// The specified byte buffer should contain the binary content of a CA @@ -2347,6 +2469,18 @@ impl Easy2 { self.setopt_blob(curl_sys::CURLOPT_ISSUERCERT_BLOB, blob) } + /// Set the issuer SSL certificate for HTTPS proxies using an in-memory blob. + /// + /// The specified byte buffer should contain the binary content of a CA + /// certificate in the PEM format. The certificate will be copied into the + /// handle. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_ISSUERCERT_BLOB`. + pub fn proxy_issuer_cert_blob(&mut self, blob: &[u8]) -> Result<(), Error> { + self.setopt_blob(curl_sys::CURLOPT_PROXY_ISSUERCERT_BLOB, blob) + } + /// Specify directory holding CA certificates /// /// Names a directory holding multiple CA certificates to verify the peer @@ -2371,7 +2505,7 @@ impl Easy2 { /// the elements of the certificate chain if a CRL file is passed. /// /// This option makes sense only when used in combination with the - /// `ssl_verify_peer` option. + /// [`Easy2::ssl_verify_peer`] option. /// /// A specific error code (`is_ssl_crl_badfile`) is defined with the /// option. It is returned when the SSL exchange fails because the CRL file @@ -2384,6 +2518,27 @@ impl Easy2 { self.setopt_path(curl_sys::CURLOPT_CRLFILE, path.as_ref()) } + /// Specify a Certificate Revocation List file to use when connecting to an + /// HTTPS proxy. + /// + /// Names a file with the concatenation of CRL (in PEM format) to use in the + /// certificate validation that occurs during the SSL exchange. + /// + /// When curl is built to use NSS or GnuTLS, there is no way to influence + /// the use of CRL passed to help in the verification process. When libcurl + /// is built with OpenSSL support, X509_V_FLAG_CRL_CHECK and + /// X509_V_FLAG_CRL_CHECK_ALL are both set, requiring CRL check against all + /// the elements of the certificate chain if a CRL file is passed. + /// + /// This option makes sense only when used in combination with the + /// [`Easy2::proxy_ssl_verify_peer`] option. + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_CRLFILE`. + pub fn proxy_crlfile>(&mut self, path: P) -> Result<(), Error> { + self.setopt_path(curl_sys::CURLOPT_PROXY_CRLFILE, path.as_ref()) + } + /// Request SSL certificate information /// /// Enable libcurl's certificate chain info gatherer. With this enabled, @@ -2468,6 +2623,37 @@ impl Easy2 { self.setopt_str(curl_sys::CURLOPT_SSL_CIPHER_LIST, &ciphers) } + /// Specify ciphers to use for TLS for an HTTPS proxy. + /// + /// Holds the list of ciphers to use for the SSL connection. The list must + /// be syntactically correct, it consists of one or more cipher strings + /// separated by colons. Commas or spaces are also acceptable separators + /// but colons are normally used, !, - and + can be used as operators. + /// + /// For OpenSSL and GnuTLS valid examples of cipher lists include 'RC4-SHA', + /// ´SHA1+DES´, 'TLSv1' and 'DEFAULT'. The default list is normally set when + /// you compile OpenSSL. + /// + /// You'll find more details about cipher lists on this URL: + /// + /// https://www.openssl.org/docs/apps/ciphers.html + /// + /// For NSS, valid examples of cipher lists include 'rsa_rc4_128_md5', + /// ´rsa_aes_128_sha´, etc. With NSS you don't add/remove ciphers. If one + /// uses this option then all known ciphers are disabled and only those + /// passed in are enabled. + /// + /// You'll find more details about the NSS cipher lists on this URL: + /// + /// http://git.fedorahosted.org/cgit/mod_nss.git/plain/docs/mod_nss.html#Directives + /// + /// By default this option is not set and corresponds to + /// `CURLOPT_PROXY_SSL_CIPHER_LIST`. + pub fn proxy_ssl_cipher_list(&mut self, ciphers: &str) -> Result<(), Error> { + let ciphers = CString::new(ciphers)?; + self.setopt_str(curl_sys::CURLOPT_PROXY_SSL_CIPHER_LIST, &ciphers) + } + /// Enable or disable use of the SSL session-ID cache /// /// By default all transfers are done using the cache enabled. While nothing @@ -2489,14 +2675,14 @@ impl Easy2 { self.setopt_long(curl_sys::CURLOPT_SSL_OPTIONS, bits.bits) } - // /// Set SSL behavior options for proxies - // /// - // /// Inform libcurl about SSL specific behaviors. - // /// - // /// This corresponds to the `CURLOPT_PROXY_SSL_OPTIONS` option. - // pub fn proxy_ssl_options(&mut self, bits: &SslOpt) -> Result<(), Error> { - // self.setopt_long(curl_sys::CURLOPT_PROXY_SSL_OPTIONS, bits.bits) - // } + /// Set SSL behavior options for proxies + /// + /// Inform libcurl about SSL specific behaviors. + /// + /// This corresponds to the `CURLOPT_PROXY_SSL_OPTIONS` option. + pub fn proxy_ssl_options(&mut self, bits: &SslOpt) -> Result<(), Error> { + self.setopt_long(curl_sys::CURLOPT_PROXY_SSL_OPTIONS, bits.bits) + } // /// Stores a private pointer-sized piece of data. // /// diff --git a/systest/build.rs b/systest/build.rs index 576e3e51f..a87b02ce0 100644 --- a/systest/build.rs +++ b/systest/build.rs @@ -67,6 +67,7 @@ fn main() { match s { "CURLVERSION_TENTH" | "CURLOPT_CAINFO_BLOB" + | "CURLOPT_PROXY_CAINFO_BLOB" | "CURLVERSION_NOW" | "CURL_VERSION_ALTSVC" | "CURL_VERSION_ZSTD" @@ -102,6 +103,8 @@ fn main() { match s { "CURLOPT_SSLCERT_BLOB" | "CURLOPT_SSLKEY_BLOB" + | "CURLOPT_PROXY_ISSUERCERT_BLOB" + | "CURLOPT_PROXY_ISSUERCERT" | "CURLOPT_PROXY_SSLCERT_BLOB" | "CURLOPT_PROXY_SSLKEY_BLOB" | "CURLOPT_ISSUERCERT_BLOB" @@ -167,16 +170,27 @@ fn main() { } if version < 54 { match s { - "CURL_SSLVERSION_TLSv1_3" - | "CURLOPT_PROXY_CAINFO" - | "CURLOPT_PROXY_SSLCERT" - | "CURLOPT_PROXY_SSLKEY" => return true, + "CURL_SSLVERSION_TLSv1_3" | "CURLOPT_PROXY_SSLCERT" | "CURLOPT_PROXY_SSLKEY" => { + return true + } _ => {} } } if version < 52 { match s { - "CURLOPT_PROXY_CAPATH" => return true, + "CURLOPT_PROXY_CAINFO" + | "CURLOPT_PROXY_CAPATH" + | "CURLOPT_PROXY_CRLFILE" + | "CURLOPT_PROXY_KEYPASSWD" + | "CURLOPT_PROXY_SSL_CIPHER_LIST" + | "CURLOPT_PROXY_SSL_OPTIONS" + | "CURLOPT_PROXY_SSL_VERIFYHOST" + | "CURLOPT_PROXY_SSL_VERIFYPEER" + | "CURLOPT_PROXY_SSLCERT" + | "CURLOPT_PROXY_SSLCERTTYPE" + | "CURLOPT_PROXY_SSLKEY" + | "CURLOPT_PROXY_SSLKEYTYPE" + | "CURLOPT_PROXY_SSLVERSION" => return true, _ => {} } }