libfetch: fix connection pooling for proxied http/https requests

The connection pooling was broken in two ways:

 1. The original URL was always used as the connection pool URL,
    resulting in duplicate connections to the proxy for http URLs
    (each http URL would get separate proxy connection)

 2. The cache_url stored was always the socket level connect URL.
    In case of HTTPS, the lookup was done done with the real URL,
    but the proxy URL was stored as the "cache URL". Thus HTTPS
    CONNECT connections were never re-used.

This fixes the code with following logic:

 1. The cache key url is the real URL when no-proxy, or when HTTPS
    with proxy (the socket is connected to proxy, but logically it
    is connected to the real URL due to HTTP CONNECT request).
    And for HTTP with proxy, it's the proxy URL so same proxy
    connection can be reused for all requests going through it.

 2. fetch_connect() now gets cache key URL separately, and it always
    gets the same value as the fetch_cache_get() calls.

libfetch/common.c

@@ -251,7 +251,7 @@ fetch_bind(int sd, int af, const char *addr)
  * Establish a TCP connection to the specified port on the specified host.
  */
 conn_t *
-fetch_connect(struct url *url, int af, int verbose)
+fetch_connect(struct url *cache_url, struct url *url, int af, int verbose)
 {
 	conn_t *conn;
 	char pbuf[10];
@@ -303,7 +303,7 @@ fetch_connect(struct url *url, int af, int verbose)
 		close(sd);
 		return (NULL);
 	}
-	conn->cache_url = fetchCopyURL(url);
+	conn->cache_url = fetchCopyURL(cache_url);
 	conn->cache_af = af;
 	return (conn);
 }

libfetch/common.h

@@ -91,7 +91,7 @@ int		 fetch_default_proxy_port(const char *);
 int		 fetch_bind(int, int, const char *);
 conn_t		*fetch_cache_get(const struct url *, int);
 void		 fetch_cache_put(conn_t *, int (*)(conn_t *));
-conn_t		*fetch_connect(struct url *, int, int);
+conn_t		*fetch_connect(struct url *, struct url *, int, int);
 conn_t		*fetch_reopen(int);
 int		 fetch_ssl(conn_t *, const struct url *, int);
 ssize_t		 fetch_read(conn_t *, char *, size_t);

libfetch/ftp.c

@@ -1020,7 +1020,7 @@ ftp_connect(struct url *url, struct url *purl, const char *flags)
 		if (!purl->port)
 			purl->port = fetch_default_port(purl->scheme);
 
-		conn = fetch_connect(purl, af, verbose);
+		conn = fetch_connect(purl, purl, af, verbose);
 	} else {
 		/* no proxy, go straight to target */
 		if (!url->port)
@@ -1032,7 +1032,7 @@ ftp_connect(struct url *url, struct url *purl, const char *flags)
 				return conn;
 			fetch_close(conn);
 		}
-		conn = fetch_connect(url, af, verbose);
+		conn = fetch_connect(url, url, af, verbose);
 		purl = NULL;
 	}
 

libfetch/http.c

@@ -690,33 +690,33 @@ http_cork(conn_t *conn, int val)
 static conn_t *
 http_connect(struct url *URL, struct url *purl, const char *flags, int *cached)
 {
-	struct url *curl;
+	struct url *cache_url;
 	conn_t *conn;
 	hdr_t h;
 	const char *p;
-	int af, verbose;
+	int af, verbose, is_https;
 
 	*cached = 0;
-
 	af = AF_UNSPEC;
-
 	verbose = CHECK_FLAG('v');
 	if (CHECK_FLAG('4'))
 		af = AF_INET;
 	else if (CHECK_FLAG('6'))
 		af = AF_INET6;
 
-	curl = (purl != NULL) ? purl : URL;
+	is_https = strcasecmp(URL->scheme, SCHEME_HTTPS) == 0;
+	cache_url = (is_https || !purl) ? URL : purl;
 
-	if ((conn = fetch_cache_get(URL, af)) != NULL) {
+	if ((conn = fetch_cache_get(cache_url, af)) != NULL) {
 		*cached = 1;
 		return (conn);
 	}
 
-	if ((conn = fetch_connect(curl, af, verbose)) == NULL)
+	if ((conn = fetch_connect(cache_url, purl ?: URL, af, verbose)) == NULL)
 		/* fetch_connect() has already set an error code */
 		return (NULL);
-	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 && purl) {
+
+	if (is_https && purl) {
 		http_cork(conn, 1);
 		http_cmd(conn, "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n\r\n",
 			 URL->host, URL->port, URL->host, URL->port);
@@ -738,8 +738,7 @@ http_connect(struct url *URL, struct url *purl, const char *flags, int *cached)
 			}
 		} while (h > hdr_end);
 	}
-	if (strcasecmp(URL->scheme, SCHEME_HTTPS) == 0 &&
-	    fetch_ssl(conn, URL, verbose) == -1) {
+	if (is_https && fetch_ssl(conn, URL, verbose) == -1) {
 		/* grrr */
 #ifdef EAUTH
 		errno = EAUTH;