Do not send custom HTTP headers to proxies
Per cURL security advisory <http://curl.haxx.se/docs/adv_20150429.html>
(CVE-2015-3153), cURL libraries between 7.1 and 7.42.0 versions sent
custom HTTP headers not only an HTTPS server, but also to a proxy.
libisds uses this feature to set Accept and Content-Type headers. As a result,
vulnerable cURL revealed these two headers (among Host, User-Agent, and
Proxy-Connection headers) to a proxy on CONNECT request.
This patch stops sending the two headers in CONNECT request to a proxy.
Please note that user name, password and one-time password never have been
sent to proxy because libisds uses different cURL feature to set them which is
not vulnerable.