From 8cc1b8fa16e27d6a1d25ec2062848ea0c4fb2619 Mon Sep 17 00:00:00 2001
From: sthen <sthen@openbsd.org>
Date: Tue, 23 Apr 2024 08:50:38 +0000
Subject: [PATCH] ftp: send Host: headers with CONNECT requests when tunneling
 TLS over an HTTP proxy (i.e. for fetching resources over https). This is
 required by some proxy servers.

Ftom KUWAZAWA Takuya, ok tb@
---
 usr.bin/ftp/fetch.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/usr.bin/ftp/fetch.c b/usr.bin/ftp/fetch.c
index 55b6a9feafe..799cd7124af 100644
--- a/usr.bin/ftp/fetch.c
+++ b/usr.bin/ftp/fetch.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: fetch.c,v 1.217 2024/04/17 09:51:18 tb Exp $	*/
+/*	$OpenBSD: fetch.c,v 1.218 2024/04/23 08:50:38 sthen Exp $	*/
 /*	$NetBSD: fetch.c,v 1.14 1997/08/18 10:20:20 lukem Exp $	*/
 
 /*-
@@ -1725,11 +1725,13 @@ proxy_connect(int socket, char *host, char *cookie)
 
 	if (cookie) {
 		l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n"
+			"Host: %s:%s\r\n"
 			"Proxy-Authorization: Basic %s\r\n%s\r\n\r\n",
-			host, port, cookie, HTTP_USER_AGENT);
+			host, port, host, port, cookie, HTTP_USER_AGENT);
 	} else {
-		l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n%s\r\n\r\n",
-			host, port, HTTP_USER_AGENT);
+		l = asprintf(&connstr, "CONNECT %s:%s HTTP/1.1\r\n"
+			"Host: %s:%s\r\n%s\r\n\r\n",
+			host, port, host, port, HTTP_USER_AGENT);
 	}
 
 	if (l == -1)
-- 
2.20.1