From: Daniel Martí <mvdan@mvdan.cc>
Date: Mon, 25 Sep 2017 16:21:39 +0000 (+0100)
Subject: net/http: error if Transport.Proxy returns https
X-Git-Tag: go1.10beta1~972
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=e61c5e2f2044c7bc606ebdfbd0187598b90c50e5;p=gostls13.git

net/http: error if Transport.Proxy returns https

Transport.Proxy is documented as only supporting the http and socks5
schemes. If one tries to use it for https URLs, they end up with a
cryptic error like:

	http: TLS handshake error from [...]: tls: oversized record received with length 20037

This is because Transport simply skips TLS if Proxy is non-nil, since it
knows it doesn't support Proxy with https.

However, that error is very confusing and it can take a while to figure
out what's going on. Instead, error if Proxy is used and it returns an
unsupported scheme.

Updates #19493.

Change-Id: Ia036357011752f45bb9b8282a4ab5e31bc8d1a69
Reviewed-on: https://go-review.googlesource.com/66010
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tom Bergan <tombergan@google.com>
---

diff --git a/src/net/http/transport.go b/src/net/http/transport.go
index 9182e9454b..5f2ace7b4b 100644
--- a/src/net/http/transport.go
+++ b/src/net/http/transport.go
@@ -618,6 +618,11 @@ func (t *Transport) connectMethodForRequest(treq *transportRequest) (cm connectM
 			if port := cm.proxyURL.Port(); !validPort(port) {
 				return cm, fmt.Errorf("invalid proxy URL port %q", port)
 			}
+			switch cm.proxyURL.Scheme {
+			case "http", "socks5":
+			default:
+				return cm, fmt.Errorf("invalid proxy URL scheme %q", cm.proxyURL.Scheme)
+			}
 		}
 	}
 	return cm, err