Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
cURL does not pass proxy passwords greater than 255 characters to http proxies #5448
I did this
I expected the following
I expected cURL to send the entire username/password string to the proxy in the Proxy-Authorization header. Instead cURL appears to send just the username and a colon:
Proxy-Authorization: Basic d2lsbDo=
Debian 10, using a newer kernel: 5.5.0-0.bpo.2 (5.5.17-1~bpo10+1)
Yes and no!
If you'd try that exact program with a current libcurl version, you would not have this problem. As when providing the credentials within the proxy string has no such length restriction since a while back (I believe since we started parsing the proxy string with the URL parser even internally, in 7.65.0).
However, we still had such a restriction on the HTTP proxy auth credentials if they were specified separately with -U, so there was still a bug in there. PR coming up with a fix for this.