peek-and-splice: Fix stare mode

- For peek mode we need to always forward client hello message
- For stare mode we must forward client hello message only if we can mimic
  all of the client SSL features, else we should sent a new SSL hello message.

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 75cee5a5c1b97098a4dbcc81a444e0b38c4d4339..691739709152f3880c1bbfd05c612aea9b4f8406 100644 (file)
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -452,13 +452,16 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
                     if (adjustSSL(ssl, clientFeatures, true))
                         allowBump = true;
                     allowSplice = true;
+                    helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+                    debugs(83, 7,  "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for peek mode");
                 } else { /*Ssl::bumpStare*/
                     allowBump = true;
-                    if (adjustSSL(ssl, clientFeatures, false))
+                    if (adjustSSL(ssl, clientFeatures, false)) {
                         allowSplice = true;
+                        helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+                        debugs(83, 7,  "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for stare mode");
+                    }
                 }
-                helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
-                debugs(83, 7,  "SSL HELLO message for FD " << fd_ << ": Random number is adjusted");
             }
         }
         // If we do not build any hello message, copy the current