8 changes: 4 additions & 4 deletions src/flb_utils.c
Expand Up @@ -1833,7 +1833,7 @@ int flb_utils_url_split_sds(const flb_sds_t in_url, flb_sds_t *out_protocol,
/*
* flb_utils_proxy_url_split parses a proxy's information from a http_proxy URL.
* The URL is in the form like `http://[username:password@]myproxy.com:8080`.
* Note: currently only HTTP is supported.
* Note: currently only HTTP(s) is supported.
*/
int flb_utils_proxy_url_split(const char *in_url, char **out_protocol,
char **out_username, char **out_password,
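Review bot: the header comment now reads "only HTTP(s) is supported", but the URL form one line above it still shows only `http://[username:password@]myproxy.com:8080`, and nothing states which port applies when an `https://` URL omits one. Suggest updating the form line to cover both schemes, documenting the default port per scheme, and saying whether "supported" means the scheme is accepted by the parser or that the connection to the proxy is made over TLS.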
Expand Down Expand Up @@ -1869,9 +1869,9 @@ int flb_utils_proxy_url_split(const char *in_url, char **out_protocol,
return -1;
}

/* Only HTTP proxy is supported for now. */
if (strcmp(protocol, "http") != 0) {
flb_error("only HTTP proxy is supported.");
/* Only HTTP(s) proxy is supported for now. */
if (strcmp(protocol, "http") != 0 && strcmp(protocol, "https") != 0) {

P1 Badge Reject https proxy scheme until transport handles it

flb_utils_proxy_url_split now accepts https URLs, but the parsed protocol is not used downstream: flb_upstream_create frees proxy_protocol and still builds a normal TCP upstream (src/flb_upstream.c, proxy setup block), then flb_io_net_connect sends CONNECT over that plain socket before any TLS handshake (src/flb_io.c and flb_http_client_proxy_connect). For real HTTPS proxies (TLS to proxy), this path fails because the proxy expects TLS first, so this commit advertises support that does not actually work for the new accepted input.


flb_error("only HTTP(s) proxy is supported.");
Comment on lines +1872 to +1874

⚠️ Potential issue | 🟠 Major

HTTPS support is incomplete when proxy port is omitted.

After allowing https:// at Lines 1872-1874, the no-port paths still default to "80" (Lines 1952 and 1991).
https://proxy.example.com should default to 443, otherwise this path will fail or connect incorrectly.

🔧 Proposed fix
@@
-        else if (*(end + 1) == '\0') {
-            port = flb_strdup("80");
+        else if (*(end + 1) == '\0') {
+            if (strcmp(protocol, "https") == 0) {
+                port = flb_strdup("443");
+            }
+            else {
+                port = flb_strdup("80");
+            }
             if (!port) {
                 flb_errno();
                 goto error;
             }
         }
@@
-            port = flb_strdup("80");
+            if (strcmp(protocol, "https") == 0) {
+                port = flb_strdup("443");
+            }
+            else {
+                port = flb_strdup("80");
+            }
             if (!port) {
                 flb_errno();
                 goto error;
             }
         }
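Review bot: the same `strcmp(protocol, "https") == 0` port choice is pasted into both fallback branches; computing the default port once, in a local set right after the scheme check or in a small helper, keeps the two paths from drifting apart. In the first hunk the `-`/`+` pair for `else if (*(end + 1) == '\0') {` is an unchanged line and should be context rather than a removal and re-addition.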

Also applies to: 1951-1953, 1991-1993

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@src/flb_utils.c` around lines 1872 - 1874, The proxy URL parsing currently
accepts "https" but still defaults an absent port to "80"; update the proxy-port
fallback logic so that when the parsed protocol variable equals "https"
(strcmp(protocol, "https") == 0) the default port is set to "443" and when it
equals "http" it remains "80"; locate the code paths that assign the literal
"80" (the port fallback branches where port is set when missing) and change them
to choose "443" for protocol == "https" and "80" otherwise, and ensure any log
messages (e.g., flb_error usage around unsupported protocols) and comments
reflect HTTPS default port 443.
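
The two review comments above describe one requirement: the scheme parsed from the proxy URL has to drive both the default port and whether TLS is started toward the proxy. A minimal sketch of that, added here as an example and not code from this PR or from the project; `struct proxy_target`, `proxy_target_parse` and `proxy_target_usable` are hypothetical names, and IPv6 literals and URL paths are out of scope:

```c
#include <string.h>

/* Hypothetical result type for this sketch, not a project structure. */
struct proxy_target {
    char host[256];
    char port[6];
    int tls_to_proxy;            /* 1 when the scheme was https */
};

/* Parse scheme://[user:pass@]host[:port]; credentials are skipped.
 * Returns 0 on success, -1 on a malformed URL or unsupported scheme. */
int proxy_target_parse(const char *url, struct proxy_target *out)
{
    const char *sep = strstr(url, "://");
    const char *host, *at, *colon;
    size_t slen, hlen;

    if (!sep) return -1;
    slen = (size_t)(sep - url);
    if (slen == 4 && strncmp(url, "http", 4) == 0) out->tls_to_proxy = 0;
    else if (slen == 5 && strncmp(url, "https", 5) == 0) out->tls_to_proxy = 1;
    else return -1;

    host = sep + 3;
    at = strrchr(host, '@');     /* last '@' ends the userinfo part */
    if (at) host = at + 1;
    colon = strchr(host, ':');
    hlen = colon ? (size_t)(colon - host) : strlen(host);
    if (hlen == 0 || hlen >= sizeof(out->host)) return -1;
    memcpy(out->host, host, hlen);
    out->host[hlen] = '\0';

    if (colon && colon[1] != '\0') {          /* explicit port */
        if (strlen(colon + 1) >= sizeof(out->port)) return -1;
        strcpy(out->port, colon + 1);
    }
    else {                                    /* missing or empty port */
        strcpy(out->port, out->tls_to_proxy ? "443" : "80");
    }
    return 0;
}

/* Gate for the caller: refuse an https proxy unless the transport can
 * complete a TLS handshake with the proxy before sending CONNECT. */
int proxy_target_usable(const struct proxy_target *t, int transport_has_proxy_tls)
{
    return (t->tls_to_proxy && !transport_has_proxy_tls) ? -1 : 0;
}
```

Keeping `tls_to_proxy` in the parsed result is the point: a caller that discards the scheme after parsing has no way left to tell the two proxy types apart.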

goto error;
}
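Review bot: the widened check `strcmp(protocol, "http") != 0 && strcmp(protocol, "https") != 0` accepts `https`, yet nothing in this hunk makes the accepted scheme change how the proxy is reached. Since the documented URL form allows `username:password@`, an operator who writes `https://` will reasonably assume those credentials travel encrypted to the proxy; either wire the scheme through to the connection setup in the same change or keep rejecting `https` here. The message "only HTTP(s) proxy is supported." would also be more useful for troubleshooting if it logged the scheme that was rejected.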
