From 4e04cbafe7db326b52ee650a4f4ccc3444da6890 Mon Sep 17 00:00:00 2001
From: David Kalnischkies <david@kalnischkies.de>
Date: Mon, 13 Sep 2021 00:54:38 +0200
Subject: Use https config on https proxies for http servers

The settings used for unwrapping TLS connections depend on the access
and hostname we connect to more than what we eventually unwrap. The
bugreport mentions CaInfo, but all other https-settings should also
apply (regardless of generic or hostname specific) to an https proxy,
even if the connection we proxy through it is http-only.

Closes: #990555
---
 methods/http.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'methods/http.cc')

diff --git a/methods/http.cc b/methods/http.cc
index b6d754037..2a5ab2cd2 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -518,7 +518,9 @@ ResultState HttpServerState::Open()
 	 return result;
       if (Host == Proxy.Host && Proxy.Access == "https")
       {
-	 result = UnwrapTLS(Proxy.Host, ServerFd, TimeOut, Owner);
+	 aptConfigWrapperForMethods ProxyConf{std::vector<std::string>{"http", "https"}};
+	 ProxyConf.setPostfixForMethodNames(Proxy.Host.c_str());
+	 result = UnwrapTLS(Proxy.Host, ServerFd, TimeOut, Owner, &ProxyConf);
 	 if (result != ResultState::SUCCESSFUL)
 	    return result;
       }
@@ -531,7 +533,7 @@ ResultState HttpServerState::Open()
    }
 
    if (tls)
-      return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner);
+      return UnwrapTLS(ServerName.Host, ServerFd, TimeOut, Owner, Owner);
 
    return ResultState::SUCCESSFUL;
 }
-- 
cgit v1.2.3-70-g09d2