noproxy difference between 7.85 and 7.86 #9884

Closed
soddencarpenter opened this issue Nov 10, 2022 · 4 comments

I did this

I have environment variables
HTTPS_PROXY='http://proxy.example.org:80/'
HTTP_PROXY='http://proxy.example.org:80/'
NO_PROXY='docker,example.org,sub.example.org'

With 7.85.0, using curl from an internal site, the file is downloaded as expected.

curl -L -O https://software.example.org/certs/cert.pem

With 7.86.0, the same setup fails with:
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to software.example.org:443

If I change the 7.86.0 command to be
curl --noproxy '*' -L -O https://software.example.org/certs/cert.pem

then 7.86.0 will download the file as expected.

I also tried:

  • Setting https_proxy, http_proxy, no_proxy (the lower case versions)
  • Having a "." (period) before the proxy names (e.g., .example.org,.sub.example.org)
  • Setting the http_proxy and https_proxy to be 'proxy.example.org:80' (i.e., removing the http protocol and removing the trailing slash)

I expected the following

No change between 7.85 and 7.86 in the handling of the proxy configuration if I am not specifying a CIDR

curl/libcurl version

[curl -V output]

7.85.0:
curl 7.85.0-DEV (x86_64-pc-linux-musl) libcurl/7.85.0-DEV OpenSSL/1.1.1q zlib/1.2.12 brotli/1.0.9 libssh2/1.10.0 nghttp2/1.46.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

7.86.0:
curl 7.86.0-DEV (x86_64-pc-linux-musl) libcurl/7.86.0-DEV OpenSSL/1.1.1q zlib/1.2.12 brotli/1.0.9 libssh2/1.10.0 nghttp2/1.47.0
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL threadsafe TLS-SRP UnixSockets

operating system

Linux 3d4ce9f982f4 3.10.0-1160.80.1.el7.x86_64 #1 SMP Sat Oct 8 18:13:21 UTC 2022 x86_64 Linux

soddencarpenter commented Nov 10, 2022

Some additional information.

Version 7.85.0:

$ curl -s -v -L -O https://software.example.org/certs/cert.pem
* Uses proxy env variable NO_PROXY == 'docker,.example.org,.ca.example.org'
*   Trying 123.123.12.12:443...
* Connected to software.example.org (123.123.12.12) port 443 (#0)

In this case, it picks up the no proxy appropriately, and directly connects.

Version 7.86.0

$ curl -s -v -L -O https://software.example.org/certs/cert.pem
* Uses proxy env variable NO_PROXY == 'docker,.example.org,.ca.example.org'
* Uses proxy env variable HTTPS_PROXY == 'http://proxy.example.org:80/'
*   Trying 10.192.2.17:80...
* Connected to (nil) (10.192.2.17) port 80 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to software.example.org:443
> CONNECT software.example.org:443 HTTP/1.1

In this case, it seems that it is failing to apply the NO_PROXY to the software.example.org, and therefore is failing.
It is the same if I use the lower case no_proxy.

However, if I directly specify curl --noproxy .example.org ... or curl --noproxy '*', then the download works.
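A check over `curl -v` output that flags the situation in the two transcripts above: a host covered by NO_PROXY that curl still sends to the proxy. This is an added example, not part of the original thread and not curl's own code; the matching rule in `no_proxy_matches` (suffix match, leading dot ignored, `*` for everything) and all function names are assumptions made for illustration.

```python
import re

# Log lines copied from the two `curl -v` transcripts in the comment above.
LOG_7_85 = """\
* Uses proxy env variable NO_PROXY == 'docker,.example.org,.ca.example.org'
*   Trying 123.123.12.12:443...
* Connected to software.example.org (123.123.12.12) port 443 (#0)
"""
LOG_7_86 = """\
* Uses proxy env variable NO_PROXY == 'docker,.example.org,.ca.example.org'
* Uses proxy env variable HTTPS_PROXY == 'http://proxy.example.org:80/'
*   Trying 10.192.2.17:80...
* Connected to (nil) (10.192.2.17) port 80 (#0)
* allocate connect buffer
* Establish HTTP proxy tunnel to software.example.org:443
> CONNECT software.example.org:443 HTTP/1.1
"""

NO_PROXY_RE = re.compile(r"^\* Uses proxy env variable no_proxy == '([^']*)'", re.I | re.M)
PROXY_RE = re.compile(r"^\* Uses proxy env variable (?:https?|all)_proxy == ", re.I | re.M)
TUNNEL_RE = re.compile(r"^(?:\* Establish HTTP proxy tunnel to|> CONNECT) ", re.M)


def no_proxy_matches(host, no_proxy):
    """Assumed rule: '*' exempts every host; any other entry exempts the
    host itself and its subdomains, with a leading dot ignored."""
    host = host.lower().rstrip(".")
    for entry in no_proxy.split(","):
        entry = entry.strip().lower()
        if entry == "*":
            return True
        entry = entry.lstrip(".")
        if entry and (host == entry or host.endswith("." + entry)):
            return True
    return False


def audit(host, verbose_log):
    """Compare what NO_PROXY should exempt with what the log shows curl did."""
    m = NO_PROXY_RE.search(verbose_log)
    exempt = no_proxy_matches(host, m.group(1) if m else "")
    proxied = bool(PROXY_RE.search(verbose_log) or TUNNEL_RE.search(verbose_log))
    if exempt and proxied:
        return "NO_PROXY_IGNORED"  # exempt host still went to the proxy
    if exempt:
        return "DIRECT_AS_EXPECTED"
    return "PROXIED_AS_EXPECTED" if proxied else "DIRECT_NO_EXEMPTION"


if __name__ == "__main__":
    for name, log in (("7.85.0", LOG_7_85), ("7.86.0", LOG_7_86)):
        print(name, audit("software.example.org", log))
```

A `NO_PROXY_IGNORED` result means requests meant to stay internal are being handed to the proxy, which is worth catching after a curl upgrade even when the transfer happens to succeed.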

bagder commented Nov 10, 2022

This is already fixed in master.

@soddencarpenter

> This is already fixed in master.

OK, thanks. I did not see the fix. I appreciate the information!

Thanks for the work with this utility!

bagder commented Nov 10, 2022

It was fixed in multiple PRs, most recently #9858 which I hope should be the last one for a while.
