Use peer certificate to set the requested host name on failures.
authorAlex Rousskov <rousskov@measurement-factory.com>
Sun, 5 Feb 2012 21:55:51 +0000 (14:55 -0700)
committerAlex Rousskov <rousskov@measurement-factory.com>
Sun, 5 Feb 2012 21:55:51 +0000 (14:55 -0700)
Even if an intermediate certificate fails, the "which URL failed" information
on the error report should be based on the server certificate CN. Intermediate
certificate CN may not even be a host name.

src/forward.cc

index 6fe78c7a4980c9ffc78b300833f78145aa090e96..97c30ae5b006c04accdb1694db84a620247e33d1 100644 (file)
@@ -675,7 +675,7 @@ FwdState::negotiateSSL(int fd)
 
             if (request->flags.sslPeek) {
                 // If possible, set host name to server certificate CN.
-                if (X509 *srvX509 = errDetails->brokenCert()) {
+                if (X509 *srvX509 = errDetails->peerCert()) {
                     if (const char *name = Ssl::CommonHostName(srvX509)) {
                         request->SetHost(name);
                         debugs(83, 3, HERE << "reset request host: " << name);
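Review bot: The name passed to `request->SetHost(name)` now comes from `errDetails->peerCert()`, a certificate on a path where validation has already failed, so the value is chosen by the remote server and is not authenticated. The existing comment should say so, for example `// peerCert() CN is unverified here (validation failed); use it for the error report only, not for ACL or routing decisions.` The hunk does not show whether `Ssl::CommonHostName()` rejects wildcard CNs or CNs with embedded NUL bytes, and that should be confirmed before the string reaches `SetHost()` and `debugs()`. It is also not visible whether `peerCert()` returns a borrowed pointer or a new reference that the caller must release. The enclosing `if (request->flags.sslPeek)` block continues outside the hunk.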