From df6be9bb176897a37dfd65e529979bf3e179c229 Mon Sep 17 00:00:00 2001
From: sbiscigl <sbiscigl@amazon.com>
Date: Tue, 31 Mar 2026 12:07:37 -0400
Subject: [PATCH] enable HTTPS_PROXY var for crt credentials providers

---
 .../auth/ProfileCredentialsProvider.cpp       | 27 ++++++++++++++++---
 .../source/auth/STSCredentialsProvider.cpp    |  8 ++++++
 2 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp
index 04878b34916e..7ce8c7109db8 100644
--- a/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp
+++ b/src/aws-cpp-sdk-core/source/auth/ProfileCredentialsProvider.cpp
@@ -1,9 +1,15 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+#include <aws/core/Globals.h>
 #include <aws/core/auth/CrtCredentialsProvider.h>
 #include <aws/core/auth/ProfileCredentialsProvider.h>
 #include <aws/core/client/UserAgent.h>
 #include <aws/core/platform/Environment.h>
 #include <aws/core/platform/FileSystem.h>
 #include <aws/crt/auth/Credentials.h>
+#include <aws/crt/http/HttpConnection.h>
 
 #include <chrono>
 
@@ -17,6 +23,23 @@ const char PROFILE_AWS_CREDENTIALS_FILE[] = "AWS_SHARED_CREDENTIALS_FILE";
 const char PROFILE_DEFAULT_CREDENTIALS_FILE[] = "credentials";
 const char PROFILE_PROFILE_DIRECTORY[] = ".aws";
 const long DEFAULT_REFRESH_RATE_MS = 300000;
+
+std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> GetProfileCrtProvider(const char* profile) {
+  CredentialsProviderProfileConfig config{};
+  config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profile);
+  config.Bootstrap = Aws::GetDefaultClientBootstrap();
+
+  Aws::Crt::Http::ProxyEnvVarOptions options{};
+  options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled;
+  options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy;
+  const auto tlsOptions = Aws::GetDefaultTlsConnectionOptions();
+  if (tlsOptions) {
+    options.TlsOptions = *tlsOptions;
+  }
+  config.ProxyEnvVarOptions = options;
+
+  return CredentialsProvider::CreateCredentialsProviderProfile(config);
+}
 }  // namespace
 
 class ProfileCredentialsProvider::ProfileCredentialsProviderImp : public CrtCredentialsProvider {
@@ -32,9 +55,7 @@ class ProfileCredentialsProvider::ProfileCredentialsProviderImp : public CrtCred
   ProfileCredentialsProviderImp(const char* profile)
       : CrtCredentialsProvider(
             [profile]() -> std::shared_ptr<ICredentialsProvider> {
-              CredentialsProviderProfileConfig config;
-              config.ProfileNameOverride = Aws::Crt::ByteCursorFromCString(profile);
-              return CredentialsProvider::CreateCredentialsProviderProfile(config);
+              return GetProfileCrtProvider(profile);
             },
             std::chrono::milliseconds(DEFAULT_REFRESH_RATE_MS), UserAgentFeature::CREDENTIALS_PROFILE,
             "ProfileCredentialsProvider") {}
diff --git a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
index 86833a144e20..b7180d46a84a 100644
--- a/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
+++ b/src/aws-cpp-sdk-core/source/auth/STSCredentialsProvider.cpp
@@ -35,6 +35,14 @@ std::shared_ptr<Aws::Crt::Auth::ICredentialsProvider> GetSTSCrtProvider(
   }()
                                                         .c_str();
 
+  Aws::Crt::Http::ProxyEnvVarOptions options{};
+  options.proxyEnvVarType = Aws::Crt::Http::ProxyEnvVarType::Enabled;
+  options.connectionType = Aws::Crt::Http::AwsHttpProxyConnectionType::Legacy;
+  if (tlsOptions) {
+    options.TlsOptions = *tlsOptions;
+  }
+  stsConfig.ProxyEnvVarOptions = options;
+
   return Aws::Crt::Auth::CredentialsProvider::CreateCredentialsProviderSTSWebIdentity(stsConfig);
 }
 }  // namespace