Merge 8.7

4 files changed, 473 insertions, 14 deletions

diff --git a/tests/http.test b/tests/http.test
index 11bf0f9..9986a77 100644
--- a/tests/http.test
+++ b/tests/http.test
@@ -88,7 +88,7 @@ http::config -threadlevel $ThreadLevel
 test http-1.1 {http::config} {
     http::config -useragent UserAgent
     http::config
-} [list -accept */* -cookiejar {} -pipeline 1 -postfresh 0 -proxyfilter http::ProxyRequired -proxyhost {} -proxyport {} -repost 0 -threadlevel $ThreadLevel -urlencoding utf-8 -useragent UserAgent -zip 1]
+} [list -accept */* -cookiejar {} -pipeline 1 -postfresh 0 -proxyauth {} -proxyfilter http::ProxyRequired -proxyhost {} -proxynot {} -proxyport {} -repost 0 -threadlevel $ThreadLevel -urlencoding utf-8 -useragent UserAgent -zip 1]
 test http-1.2 {http::config} {
     http::config -proxyfilter
 } http::ProxyRequired
@@ -103,10 +103,10 @@ test http-1.4 {http::config} {
     set x [http::config]
     http::config {*}$savedconf
     set x
-} [list -accept */* -cookiejar {} -pipeline 1 -postfresh 0 -proxyfilter myFilter -proxyhost nowhere.come -proxyport 8080 -repost 0 -threadlevel $ThreadLevel -urlencoding iso8859-1 -useragent {Tcl Test Suite} -zip 1]
+} [list -accept */* -cookiejar {} -pipeline 1 -postfresh 0 -proxyauth {} -proxyfilter myFilter -proxyhost nowhere.come -proxynot {} -proxyport 8080 -repost 0 -threadlevel $ThreadLevel -urlencoding iso8859-1 -useragent {Tcl Test Suite} -zip 1]
 test http-1.5 {http::config} -returnCodes error -body {
     http::config -proxyhost {} -junk 8080
-} -result {Unknown option -junk, must be: -accept, -cookiejar, -pipeline, -postfresh, -proxyfilter, -proxyhost, -proxyport, -repost, -threadlevel, -urlencoding, -useragent, -zip}
+} -result {Unknown option -junk, must be: -accept, -cookiejar, -pipeline, -postfresh, -proxyauth, -proxyfilter, -proxyhost, -proxynot, -proxyport, -repost, -threadlevel, -urlencoding, -useragent, -zip}
 test http-1.6 {http::config} -setup {
     set oldenc [http::config -urlencoding]
 } -body {
@@ -630,7 +630,10 @@ test http-4.14 {http::Event} -body {
 test http-4.15 {http::Event} -body {
     # This test may fail if you use a proxy server. That is to be
     # expected and is not a problem with Tcl.
-    set token [http::geturl //not_a_host.tcl.tk -timeout 3000 -command \#]
+    # With http::config -threadlevel 1 or 2, the script enters the event loop
+    # during the DNS lookup, and has the opportunity to time out.
+    # Increase -timeout from 3000 to 10000 to prevent this.
+    set token [http::geturl //not_a_host.tcl.tk -timeout 10000 -command \#]
     http::wait $token
     set result "[http::status $token] -- [lindex [http::error $token] 0]"
     # error codes vary among platforms.
diff --git a/tests/httpProxy.test b/tests/httpProxy.test
new file mode 100644
index 0000000..42ad574
--- /dev/null
+++ b/tests/httpProxy.test
@@ -0,0 +1,456 @@
+# Commands covered: http::geturl when using a proxy server.
+#
+# This file contains a collection of tests for the http script library.
+# Sourcing this file into Tcl runs the tests and generates output for errors.
+# No output means no errors were found.
+#
+# Copyright © 1991-1993 The Regents of the University of California.
+# Copyright © 1994-1996 Sun Microsystems, Inc.
+# Copyright © 1998-2000 Ajuba Solutions.
+# Copyright © 2022      Keith Nash.
+#
+# See the file "license.terms" for information on usage and redistribution of
+# this file, and for a DISCLAIMER OF ALL WARRANTIES.
+
+if {"::tcltest" ni [namespace children]} {
+    package require tcltest 2.5
+    namespace import -force ::tcltest::*
+}
+
+package require http 2.10
+
+proc bgerror {args} {
+    global errorInfo
+    puts stderr "httpProxy.test bgerror"
+    puts stderr [join $args]
+    puts stderr $errorInfo
+}
+
+if {![info exists ThreadLevel]} {
+    if {[catch {package require Thread}] == 0} {
+        set ValueRange {0 1 2}
+    } else {
+        set ValueRange {0 1}
+    }
+
+    # For each value of ThreadLevel, source this file recursively in the
+    # same interpreter.
+    foreach ThreadLevel $ValueRange {
+        source [info script]
+    }
+    catch {unset ThreadLevel}
+    catch {unset ValueRange}
+    return
+}
+
+catch {puts "==== Test with ThreadLevel $ThreadLevel ===="}
+http::config -threadlevel $ThreadLevel
+
+
+#testConstraint needsSquid 1
+#testConstraint needsTls 1
+
+if {[testConstraint needsTls]} {
+    package require tls
+    http::register https 443 [list ::tls::socket -ssl2 0 -ssl3 0 \
+            -tls1 0 -tls1.1 0 -tls1.2 1 -tls1.3 0 -autoservername 1]
+}
+
+# Testing with Squid
+# - Example Squid configuration for Enterprise Linux 8 (Red Hat, Oracle, Rocky,
+#   Alma, ...) is in file tests/httpProxySquidConfigForEL8.tar.gz.
+# - Two instances of Squid are launched, one that needs authentication and one
+#   that does not.
+# - Each instance of Squid listens on IPv4 and IPv6, on different ports.
+
+# Instance of Squid that does not need authentication.
+set n4host 127.0.0.1
+set n6host ::1
+set n4port 3128
+set n6port 3130
+
+# Instance of Squid that needs authentication.
+set a4host 127.0.0.1
+set a6host ::1
+set a4port 3129
+set a6port 3131
+
+# concat Basic [base64::encode alice:alicia]
+set aliceCreds {Basic YWxpY2U6YWxpY2lh}
+
+# concat Basic [base64::encode intruder:intruder]
+set badCreds {Basic aW50cnVkZXI6aW50cnVkZXI=}
+
+test httpProxy-1.1 {squid is running - ipv4 noauth} -constraints {needsSquid} -setup {
+} -body {
+    set token [http::geturl http://$n4host:$n4port/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 400 none} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+}
+
+test httpProxy-1.2 {squid is running - ipv6 noauth} -constraints {needsSquid} -setup {
+} -body {
+    set token [http::geturl http://\[$n6host\]:$n6port/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 400 none} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+}
+
+test httpProxy-1.3 {squid is running - ipv4 auth} -constraints {needsSquid} -setup {
+} -body {
+    set token [http::geturl http://$a4host:$a4port/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 400 none} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+}
+
+test httpProxy-1.4 {squid is running - ipv6 auth} -constraints {needsSquid} -setup {
+} -body {
+    set token [http::geturl http://\[$a6host\]:$a6port/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 400 none} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+}
+
+test httpProxy-2.1 {http no-proxy no-auth} -constraints {needsSquid} -setup {
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 200 none} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+}
+
+test httpProxy-2.2 {https no-proxy no-auth} -constraints {needsSquid needsTls} -setup {
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 200 none} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+}
+
+test httpProxy-2.3 {http with-proxy ipv4 no-auth} -constraints {needsSquid} -setup {
+   http::config -proxyhost $n4host -proxyport $n4port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 200 HttpProxy} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+    http::config -proxyhost {} -proxyport {} -proxynot {}
+}
+
+test httpProxy-2.4 {https with-proxy ipv4 no-auth} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $n4host -proxyport $n4port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 200 SecureProxy} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+    http::config -proxyhost {} -proxyport {} -proxynot {}
+}
+
+test httpProxy-2.5 {http with-proxy ipv6 no-auth} -constraints {needsSquid} -setup {
+   http::config -proxyhost $n6host -proxyport $n6port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 200 HttpProxy} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+    http::config -proxyhost {} -proxyport {} -proxynot {}
+}
+
+test httpProxy-2.6 {https with-proxy ipv6 no-auth} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $n6host -proxyport $n6port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed]"
+} -result {complete ok 200 SecureProxy} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res
+    http::config -proxyhost {} -proxyport {} -proxynot {}
+}
+
+test httpProxy-3.1 {http no-proxy with-auth valid-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 none 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-3.2 {https no-proxy with-auth valid-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 none 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-3.3 {http with-proxy ipv4 with-auth valid-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 HttpProxy 1 1} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-3.4 {https with-proxy ipv4 with-auth valid-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 SecureProxy 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-3.5 {http with-proxy ipv6 with-auth valid-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost $a6host -proxyport $a6port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 HttpProxy 1 1} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-3.6 {https with-proxy ipv6 with-auth valid-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $a6host -proxyport $a6port -proxynot {127.0.0.1 localhost} -proxyauth $aliceCreds
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 SecureProxy 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-4.1 {http no-proxy with-auth no-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 none 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-4.2 {https no-proxy with-auth no-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 none 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-4.3 {http with-proxy ipv4 with-auth no-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 HttpProxy 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-4.4 {https with-proxy ipv4 with-auth no-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 SecureProxy 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-4.5 {http with-proxy ipv6 with-auth no-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost $a6host -proxyport $a6port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 HttpProxy 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-4.6 {https with-proxy ipv6 with-auth no-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $a6host -proxyport $a6port -proxynot {127.0.0.1 localhost} -proxyauth {}
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $aliceCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 SecureProxy 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-5.1 {http no-proxy with-auth bad-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 none 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-5.2 {https no-proxy with-auth bad-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost {} -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 200 none 0 0} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-5.3 {http with-proxy ipv4 with-auth bad-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 HttpProxy 1 1} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-5.4 {https with-proxy ipv4 with-auth bad-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $a4host -proxyport $a4port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 SecureProxy 1 1} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-5.5 {http with-proxy ipv6 with-auth bad-creds-provided} -constraints {needsSquid} -setup {
+   http::config -proxyhost $a6host -proxyport $a6port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds
+} -body {
+    set token [http::geturl http://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 HttpProxy 1 1} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+test httpProxy-5.6 {https with-proxy ipv6 with-auth bad-creds-provided} -constraints {needsSquid needsTls} -setup {
+   http::config -proxyhost $a6host -proxyport $a6port -proxynot {127.0.0.1 localhost} -proxyauth $badCreds
+} -body {
+    set token [http::geturl https://www.google.com/]
+    set ri [http::responseInfo $token]
+    set pos1 [lsearch -exact [string tolower [set ${token}(requestHeaders)]] proxy-authorization]
+    set pos2 [lsearch -exact [set ${token}(requestHeaders)] $badCreds]
+    set res "[dict get $ri stage] [dict get $ri status] [dict get $ri responseCode] [dict get $ri proxyUsed] [expr {$pos1 > -1}] [expr {$pos2 > -1}]"
+} -result {complete ok 407 SecureProxy 1 1} -cleanup {
+    http::cleanup $token
+    unset -nocomplain ri res pos1 pos2
+    http::config -proxyhost {} -proxyport {} -proxynot {} -proxyauth {}
+}
+
+# cleanup
+unset -nocomplain n4host n6host n4port n6port a4host a6host a4port a6port aliceCreds badCreds
+
+rename bgerror {}
+
+::tcltest::cleanupTests
+
+# Local variables:
+# mode: tcl
+# End:
+
diff --git a/tests/httpProxySquidConfigForEL8.tar.gz b/tests/httpProxySquidConfigForEL8.tar.gz
new file mode 100644
index 0000000..a94dbdb
--- /dev/null
+++ b/tests/httpProxySquidConfigForEL8.tar.gz
diff --git a/tests/socket.test b/tests/socket.test
index 7fdb09d..a0fe2f7 100644
--- a/tests/socket.test
+++ b/tests/socket.test
@@ -308,13 +308,13 @@ test socket_$af-1.1 {arg parsing for socket command} -constraints [list socket s
 } -returnCodes error -result {no argument given for -server option}
 test socket_$af-1.2 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -server foo
-} -returnCodes error -result {wrong # args: should be "socket ?-myaddr addr? ?-myport myport? ?-async? host port" or "socket -server command ?-reuseaddr boolean? ?-reuseport boolean? ?-myaddr addr? port"}
+} -returnCodes error -result {wrong # args: should be "socket ?-async? ?-myaddr addr? ?-myport myport? host port" or "socket -server command ?-backlog count? ?-myaddr addr? ?-reuseaddr boolean? ?-reuseport boolean? port"}
 test socket_$af-1.3 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -myaddr
 } -returnCodes error -result {no argument given for -myaddr option}
 test socket_$af-1.4 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -myaddr $localhost
-} -returnCodes error -result {wrong # args: should be "socket ?-myaddr addr? ?-myport myport? ?-async? host port" or "socket -server command ?-reuseaddr boolean? ?-reuseport boolean? ?-myaddr addr? port"}
+} -returnCodes error -result {wrong # args: should be "socket ?-async? ?-myaddr addr? ?-myport myport? host port" or "socket -server command ?-backlog count? ?-myaddr addr? ?-reuseaddr boolean? ?-reuseport boolean? port"}
 test socket_$af-1.5 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -myport
 } -returnCodes error -result {no argument given for -myport option}
@@ -323,19 +323,19 @@ test socket_$af-1.6 {arg parsing for socket command} -constraints [list socket s
 } -returnCodes error -result {expected integer but got "xxxx"}
 test socket_$af-1.7 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -myport 2522
-} -returnCodes error -result {wrong # args: should be "socket ?-myaddr addr? ?-myport myport? ?-async? host port" or "socket -server command ?-reuseaddr boolean? ?-reuseport boolean? ?-myaddr addr? port"}
+} -returnCodes error -result {wrong # args: should be "socket ?-async? ?-myaddr addr? ?-myport myport? host port" or "socket -server command ?-backlog count? ?-myaddr addr? ?-reuseaddr boolean? ?-reuseport boolean? port"}
 test socket_$af-1.8 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -froboz
-} -returnCodes error -result {bad option "-froboz": must be -async, -myaddr, -myport, -reuseaddr, -reuseport, or -server}
+} -returnCodes error -result {bad option "-froboz": must be -async, -backlog, -myaddr, -myport, -reuseaddr, -reuseport, or -server}
 test socket_$af-1.9 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -server foo -myport 2521 3333
 } -returnCodes error -result {option -myport is not valid for servers}
 test socket_$af-1.10 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket host 2528 -junk
-} -returnCodes error -result {wrong # args: should be "socket ?-myaddr addr? ?-myport myport? ?-async? host port" or "socket -server command ?-reuseaddr boolean? ?-reuseport boolean? ?-myaddr addr? port"}
+} -returnCodes error -result {wrong # args: should be "socket ?-async? ?-myaddr addr? ?-myport myport? host port" or "socket -server command ?-backlog count? ?-myaddr addr? ?-reuseaddr boolean? ?-reuseport boolean? port"}
 test socket_$af-1.11 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -server callback 2520 --
-} -returnCodes error -result {wrong # args: should be "socket ?-myaddr addr? ?-myport myport? ?-async? host port" or "socket -server command ?-reuseaddr boolean? ?-reuseport boolean? ?-myaddr addr? port"}
+} -returnCodes error -result {wrong # args: should be "socket ?-async? ?-myaddr addr? ?-myport myport? host port" or "socket -server command ?-backlog count? ?-myaddr addr? ?-reuseaddr boolean? ?-reuseport boolean? port"}
 test socket_$af-1.12 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket foo badport
 } -returnCodes error -result {expected integer but got "badport"}
@@ -347,19 +347,19 @@ test socket_$af-1.14 {arg parsing for socket command} -constraints [list socket
 } -returnCodes error -result {cannot set -async option for server sockets}
 test socket_$af-1.15 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -reuseaddr yes 4242
-} -returnCodes error -result {options -reuseaddr and -reuseport are only valid for servers}
+} -returnCodes error -result {options -backlog, -reuseaddr, and -reuseport are only valid for servers}
 test socket_$af-1.16 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -reuseaddr no 4242
-} -returnCodes error -result {options -reuseaddr and -reuseport are only valid for servers}
+} -returnCodes error -result {options -backlog, -reuseaddr, and -reuseport are only valid for servers}
 test socket_$af-1.17 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -reuseaddr
 } -returnCodes error -result {no argument given for -reuseaddr option}
 test socket_$af-1.18 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -reuseport yes 4242
-} -returnCodes error -result {options -reuseaddr and -reuseport are only valid for servers}
+} -returnCodes error -result {options -backlog, -reuseaddr, and -reuseport are only valid for servers}
 test socket_$af-1.19 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -reuseport no 4242
-} -returnCodes error -result {options -reuseaddr and -reuseport are only valid for servers}
+} -returnCodes error -result {options -backlog, -reuseaddr, and -reuseport are only valid for servers}
 test socket_$af-1.20 {arg parsing for socket command} -constraints [list socket supported_$af] -body {
     socket -reuseport
 } -returnCodes error -result {no argument given for -reuseport option}