vtls: deduplicate some DISABLE_PROXY ifdefs

continue from #5735

- using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other
  tls backend

- create SSL_HOST_PORT

Closes #6660

lib/curl_sasl.c

@@ -318,14 +318,8 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct Curl_easy *data,
   struct bufref resp;
   saslstate state1 = SASL_STOP;
   saslstate state2 = SASL_FINAL;
-#ifndef CURL_DISABLE_PROXY
+  const char * const hostname = SSL_HOST_NAME();
-  const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+  const long int port = SSL_HOST_PORT();
-    conn->host.name;
-  const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
-  const char * const hostname = conn->host.name;
-  const long int port = conn->remote_port;
-#endif
 #if defined(USE_KERBEROS5) || defined(USE_NTLM)
   const char *service = data->set.str[STRING_SERVICE_NAME] ?
     data->set.str[STRING_SERVICE_NAME] :
@@ -509,13 +503,8 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct Curl_easy *data,
   CURLcode result = CURLE_OK;
   saslstate newstate = SASL_FINAL;
   struct bufref resp;
-#ifndef CURL_DISABLE_PROXY
   const char * const hostname = SSL_HOST_NAME();
-  const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
+  const long int port = SSL_HOST_PORT();
-#else
-  const char * const hostname = conn->host.name;
-  const long int port = conn->remote_port;
-#endif
 #if !defined(CURL_DISABLE_CRYPTO_AUTH) || defined(USE_KERBEROS5) ||     \
   defined(USE_NTLM)
   const char *service = data->set.str[STRING_SERVICE_NAME] ?

lib/vtls/bearssl.c

@@ -300,12 +300,7 @@ static CURLcode bearssl_connect_step1(struct Curl_easy *data,
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   struct ssl_backend_data *backend = connssl->backend;
   const char * const ssl_cafile = SSL_CONN_CONFIG(CAfile);
-#ifndef CURL_DISABLE_PROXY
+  const char * const hostname = SSL_HOST_NAME();
-  const char *hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
-    conn->host.name;
-#else
-  const char *hostname = conn->host.name;
-#endif
   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
   const bool verifyhost = SSL_CONN_CONFIG(verifyhost);
   CURLcode ret;

lib/vtls/gskit.c

@@ -705,8 +705,7 @@ static CURLcode gskit_connect_step1(struct Curl_easy *data,
   const char * const keyringlabel = SSL_SET_OPTION(primary.clientcert);
   const long int ssl_version = SSL_CONN_CONFIG(version);
   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
-  const char * const hostname = SSL_IS_PROXY()? conn->http_proxy.host.name:
+  const char * const hostname = SSL_HOST_NAME();
-    conn->host.name;
   const char *sni;
   unsigned int protoflags = 0;
   Qso_OverlappedIO_t commarea;
@@ -1035,8 +1034,7 @@ static CURLcode gskit_connect_step3(struct Curl_easy *data,
   }
 
   /* Check pinned public key. */
-  ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+  ptr = SSL_PINNED_PUB_KEY();
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
   if(!result && ptr) {
     curl_X509certificate x509;
     curl_asn1Element *p;

lib/vtls/gtls.c

@@ -1178,8 +1178,7 @@ gtls_connect_step3(struct Curl_easy *data,
       infof(data, "\t server certificate activation date OK\n");
   }
 
-  ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+  ptr = SSL_PINNED_PUB_KEY();
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
   if(ptr) {
     result = pkp_pin_peer_pubkey(data, x509_cert, ptr);
     if(result != CURLE_OK) {

lib/vtls/mbedtls.c

@@ -251,14 +251,8 @@ mbed_connect_step1(struct Curl_easy *data, struct connectdata *conn,
   const char * const ssl_capath = SSL_CONN_CONFIG(CApath);
   char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
   const char * const ssl_crlfile = SSL_SET_OPTION(CRLfile);
-#ifndef CURL_DISABLE_PROXY
+  const char * const hostname = SSL_HOST_NAME();
-  const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+  const long int port = SSL_HOST_PORT();
-    conn->host.name;
-  const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
-  const char * const hostname = conn->host.name;
-  const long int port = conn->remote_port;
-#endif
   int ret = -1;
   char errorbuf[128];
   errorbuf[0] = 0;
@@ -542,14 +536,7 @@ mbed_connect_step2(struct Curl_easy *data, struct connectdata *conn,
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   struct ssl_backend_data *backend = connssl->backend;
   const mbedtls_x509_crt *peercert;
-#ifndef CURL_DISABLE_PROXY
+  const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
-  const char * const pinnedpubkey = SSL_IS_PROXY() ?
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#else
-  const char * const pinnedpubkey =
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#endif
 
   conn->recv[sockindex] = mbed_recv;
   conn->send[sockindex] = mbed_send;

lib/vtls/mesalink.c

@@ -98,8 +98,7 @@ mesalink_connect_step1(struct Curl_easy *data,
 #ifdef ENABLE_IPV6
   struct in6_addr addr6;
 #endif
-  const char *const hostname =
+  const char * const hostname = SSL_HOST_NAME();
-    SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name;
   size_t hostname_len = strlen(hostname);
 
   SSL_METHOD *req_method = NULL;

lib/vtls/openssl.c

@@ -3308,11 +3308,7 @@ static CURLcode ossl_connect_step2(struct Curl_easy *data,
        */
       if(CURLE_SSL_CONNECT_ERROR == result && errdetail == 0) {
         const char * const hostname = SSL_HOST_NAME();
-#ifndef CURL_DISABLE_PROXY
+        const long int port = SSL_HOST_PORT();
-        const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
-        const long int port = conn->remote_port;
-#endif
         char extramsg[80]="";
         int sockerr = SOCKERRNO;
         if(sockerr && detail == SSL_ERROR_SYSCALL)
@@ -3925,8 +3921,7 @@ static CURLcode servercert(struct Curl_easy *data,
     /* when not strict, we don't bother about the verify cert problems */
     result = CURLE_OK;
 
-  ptr = SSL_IS_PROXY() ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+  ptr = SSL_PINNED_PUB_KEY();
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
   if(!result && ptr) {
     result = pkp_pin_peer_pubkey(data, backend->server_cert, ptr);
     if(result)

lib/vtls/schannel.c

@@ -428,12 +428,7 @@ schannel_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 #endif
   TCHAR *host_name;
   CURLcode result;
-#ifndef CURL_DISABLE_PROXY
+  char * const hostname = SSL_HOST_NAME();
-  char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
-    conn->host.name;
-#else
-  char * const hostname = conn->host.name;
-#endif
 
   DEBUGF(infof(data,
                "schannel: SSL/TLS connection with %s port %hu (step 1/3)\n",
@@ -995,12 +990,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
   SECURITY_STATUS sspi_status = SEC_E_OK;
   CURLcode result;
   bool doread;
-#ifndef CURL_DISABLE_PROXY
+  char * const hostname = SSL_HOST_NAME();
-  char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
-    conn->host.name;
-#else
-  char * const hostname = conn->host.name;
-#endif
   const char *pubkey_ptr;
 
   doread = (connssl->connecting_state != ssl_connect_2_writing) ? TRUE : FALSE;
@@ -1249,9 +1239,7 @@ schannel_connect_step2(struct Curl_easy *data, struct connectdata *conn,
     DEBUGF(infof(data, "schannel: SSL/TLS handshake complete\n"));
   }
 
-  pubkey_ptr = SSL_IS_PROXY() ?
+  pubkey_ptr = SSL_PINNED_PUB_KEY();
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
   if(pubkey_ptr) {
     result = pkp_pin_peer_pubkey(data, conn, sockindex, pubkey_ptr);
     if(result) {
@@ -1338,8 +1326,7 @@ schannel_connect_step3(struct Curl_easy *data, struct connectdata *conn,
   CERT_CONTEXT *ccert_context = NULL;
   bool isproxy = SSL_IS_PROXY();
 #ifdef DEBUGBUILD
-  const char * const hostname = isproxy ? conn->http_proxy.host.name :
+  const char * const hostname = SSL_HOST_NAME();
-    conn->host.name;
 #endif
 #ifdef HAS_ALPN
   SecPkgContext_ApplicationProtocol alpn_result;
@@ -2126,12 +2113,7 @@ static int schannel_shutdown(struct Curl_easy *data, struct connectdata *conn,
    * Shutting Down an Schannel Connection
    */
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-#ifndef CURL_DISABLE_PROXY
+  char * const hostname = SSL_HOST_NAME();
-  char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
-    conn->host.name;
-#else
-  char * const hostname = conn->host.name;
-#endif
 
   DEBUGASSERT(data);
 

lib/vtls/schannel_verify.c

@@ -536,13 +536,7 @@ CURLcode Curl_verify_certificate(struct Curl_easy *data,
   const CERT_CHAIN_CONTEXT *pChainContext = NULL;
   HCERTCHAINENGINE cert_chain_engine = NULL;
   HCERTSTORE trust_store = NULL;
-#ifndef CURL_DISABLE_PROXY
+  const char * const conn_hostname = SSL_HOST_NAME();
-  const char * const conn_hostname = SSL_IS_PROXY() ?
-    conn->http_proxy.host.name :
-    conn->host.name;
-#else
-  const char * const conn_hostname = conn->host.name;
-#endif
 
   sspi_status =
     s_pSecFn->QueryContextAttributes(&BACKEND->ctxt->ctxt_handle,

lib/vtls/sectransp.c

@@ -1664,16 +1664,9 @@ static CURLcode sectransp_connect_step1(struct Curl_easy *data,
   const bool verifypeer = SSL_CONN_CONFIG(verifypeer);
   char * const ssl_cert = SSL_SET_OPTION(primary.clientcert);
   const struct curl_blob *ssl_cert_blob = SSL_SET_OPTION(primary.cert_blob);
-#ifndef CURL_DISABLE_PROXY
   bool isproxy = SSL_IS_PROXY();
-  const char * const hostname = isproxy ? conn->http_proxy.host.name :
+  const char * const hostname = SSL_HOST_NAME();
-    conn->host.name;
+  const long int port = SSL_HOST_PORT();
-  const long int port = SSL_IS_PROXY() ? conn->port : conn->remote_port;
-#else
-  const isproxy = FALSE;
-  const char * const hostname = conn->host.name;
-  const long int port = conn->remote_port;
-#endif
 #ifdef ENABLE_IPV6
   struct in6_addr addr;
 #else
@@ -2508,12 +2501,7 @@ sectransp_connect_step2(struct Curl_easy *data, struct connectdata *conn,
   OSStatus err;
   SSLCipherSuite cipher;
   SSLProtocol protocol = 0;
-#ifndef CURL_DISABLE_PROXY
+  const char * const hostname = SSL_HOST_NAME();
-  const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
-    conn->host.name;
-#else
-  const char * const hostname = conn->host.name;
-#endif
 
   DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
               || ssl_connect_2_reading == connssl->connecting_state

lib/vtls/vtls.h

@@ -148,6 +148,8 @@ bool Curl_ssl_tls13_ciphersuites(void);
   (SSL_IS_PROXY() ? conn->http_proxy.host.name : conn->host.name)
 #define SSL_HOST_DISPNAME()                                             \
   (SSL_IS_PROXY() ? conn->http_proxy.host.dispname : conn->host.dispname)
+#define SSL_HOST_PORT()                                                 \
+  (SSL_IS_PROXY() ? conn->port : conn->remote_port)
 #define SSL_PINNED_PUB_KEY() (SSL_IS_PROXY()                            \
   ? data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY]                     \
   : data->set.str[STRING_SSL_PINNEDPUBLICKEY])
@@ -158,6 +160,7 @@ bool Curl_ssl_tls13_ciphersuites(void);
 #define SSL_CONN_CONFIG(var) conn->ssl_config.var
 #define SSL_HOST_NAME() conn->host.name
 #define SSL_HOST_DISPNAME() conn->host.dispname
+#define SSL_HOST_PORT() conn->remote_port
 #define SSL_PINNED_PUB_KEY()                                            \
   data->set.str[STRING_SSL_PINNEDPUBLICKEY]
 #endif

lib/vtls/wolfssl.c

@@ -400,12 +400,7 @@ wolfssl_connect_step1(struct Curl_easy *data, struct connectdata *conn,
 #ifdef ENABLE_IPV6
     struct in6_addr addr6;
 #endif
-#ifndef CURL_DISABLE_PROXY
+    const char * const hostname = SSL_HOST_NAME();
-    const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
-      conn->host.name;
-#else
-    const char * const hostname = conn->host.name;
-#endif
     size_t hostname_len = strlen(hostname);
     if((hostname_len < USHRT_MAX) &&
        (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
@@ -534,20 +529,9 @@ wolfssl_connect_step2(struct Curl_easy *data, struct connectdata *conn,
   int ret = -1;
   struct ssl_connect_data *connssl = &conn->ssl[sockindex];
   struct ssl_backend_data *backend = connssl->backend;
-#ifndef CURL_DISABLE_PROXY
+  const char * const hostname = SSL_HOST_NAME();
-  const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+  const char * const dispname = SSL_HOST_DISPNAME();
-    conn->host.name;
+  const char * const pinnedpubkey = SSL_PINNED_PUB_KEY();
-  const char * const dispname = SSL_IS_PROXY() ?
-    conn->http_proxy.host.dispname : conn->host.dispname;
-  const char * const pinnedpubkey = SSL_IS_PROXY() ?
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#else
-  const char * const hostname = conn->host.name;
-  const char * const dispname = conn->host.dispname;
-  const char * const pinnedpubkey =
-    data->set.str[STRING_SSL_PINNEDPUBLICKEY];
-#endif
 
   conn->recv[sockindex] = wolfssl_recv;
   conn->send[sockindex] = wolfssl_send;

lib/x509asn1.c

@@ -1145,10 +1145,8 @@ CURLcode Curl_verifyhost(struct Curl_easy *data, struct connectdata *conn,
   int matched = -1;
   size_t addrlen = (size_t) -1;
   ssize_t len;
-  const char *const hostname = SSL_IS_PROXY()?
+  const char * const hostname = SSL_HOST_NAME();
-    conn->http_proxy.host.name : conn->host.name;
+  const char * const dispname = SSL_HOST_DISPNAME();
-  const char *const dispname = SSL_IS_PROXY()?
-    conn->http_proxy.host.dispname : conn->host.dispname;
 #ifdef ENABLE_IPV6
   struct in6_addr addr;
 #else