Thank you for the reproducer and patch! I am able to reproduce it with the upstream git HEAD. The proposed patch makes sense to me. I will propose it upstream on your behalf.
Thank you. I wanted to open PR too but I failed to build it successfully. Thank you for proposing it upstream.
Created attachment 1713334 [details]
[PATCH] http_proxy: do not crash with HTTPS_PROXY and NO_PROXY set
It turned out that the proposed patch does not work as expected. There are more places in the code where (conn->http_proxy.proxytype == CURLPROXY_HTTPS) is checked regardless of the conn->bits.httpproxy flag, which resulted in hanging or crashes on other code paths. So I ended up with attachment #1713334 [details], which seems to work better. Martin, could you please have a look at it?
If you are fine with attachment #1713334 [details], I will open an upstream pull request for it, either with you as the commit author, or bug reporter, whichever you prefer.
I'm fine with it, thank you!
upstream pull request: https://github.com/curl/curl/pull/5902
upstream commit: https://github.com/curl/curl/commit/3eff1c50