Don't do TLS upgrade unless the Upgrade header says to...

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@11482 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/scheduler/client.c b/scheduler/client.c
index 1e277881502dc3a0aca3f634c0cc44cee9265dc0..dffcf99f07cfd8368d05fd4e343b846da71efcd8 100644 (file)
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -591,7 +591,6 @@ cupsdReadClient(cupsd_client_t *con)        /* I - Client to read from */
     return;
   }
 
-
 #ifdef HAVE_SSL
   if (con->auto_ssl)
   {
@@ -914,8 +913,7 @@ cupsdReadClient(cupsd_client_t *con)        /* I - Client to read from */
        }
       }
 
-      if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Upgrade") &&
-         !httpIsEncrypted(con->http))
+      if (!_cups_strcasecmp(httpGetField(con->http, HTTP_FIELD_CONNECTION), "Upgrade") && strstr(httpGetField(con->http, HTTP_FIELD_UPGRADE), "TLS/") != NULL && !httpIsEncrypted(con->http))
       {
 #ifdef HAVE_SSL
        /*