getSslContextStart();
return;
} else if (sslServerBump->act.step1 == Ssl::bumpServerFirst) {
+ debugs(83, 5, "server-first skips step2; start forwarding the request");
+ sslServerBump->step = XactionStep::tlsBump3;
Http::StreamPointer context = pipeline.front();
ClientHttpRequest *http = context ? context->http : nullptr;
// will call httpsPeeked() with certificate and connection, eventually
inBuf.clear();
debugs(83, 5, "Peek and splice at step2 done. Start forwarding the request!!! ");
+ sslServerBump->step = XactionStep::tlsBump3;
FwdState::Start(clientConnection, sslServerBump->entry, sslServerBump->request.getRaw(), http ? http->al : NULL);
}
CBDATA_NAMESPACED_CLASS_INIT(Ssl, PeekingPeerConnector);
+Ssl::PeekingPeerConnector::PeekingPeerConnector(HttpRequestPointer &aRequest,
+ const Comm::ConnectionPointer &aServerConn,
+ const Comm::ConnectionPointer &aClientConn,
+ AsyncCall::Pointer &aCallback,
+ const AccessLogEntryPointer &alp,
+ const time_t timeout):
+ AsyncJob("Ssl::PeekingPeerConnector"),
+ Security::PeerConnector(aServerConn, aCallback, alp, timeout),
+ clientConn(aClientConn),
+ splice(false),
+ serverCertificateHandled(false)
+{
+ request = aRequest;
+
+ if (const auto csd = request->clientConnectionManager.valid()) {
+ const auto serverBump = csd->serverBump();
+ Must(serverBump);
+ Must(serverBump->at(XactionStep::tlsBump3));
+ }
+ // else the client is gone, and we cannot check the step, but must carry on
+}
+
void
Ssl::PeekingPeerConnector::cbCheckForPeekAndSpliceDone(const Acl::Answer aclAnswer, void *data)
{
void
Ssl::PeekingPeerConnector::checkForPeekAndSplice()
{
- // Mark Step3 of bumping
- if (request->clientConnectionManager.valid()) {
- if (Ssl::ServerBump *serverBump = request->clientConnectionManager->serverBump()) {
- serverBump->step = XactionStep::tlsBump3;
- }
- }
-
handleServerCertificate();
ACLFilledChecklist *acl_checklist = new ACLFilledChecklist(
if (hostName)
SSL_set_ex_data(serverSession.get(), ssl_ex_index_server, (void*)hostName);
- Must(!csd->serverBump() || csd->serverBump()->at(XactionStep::tlsBump1, XactionStep::tlsBump2));
if (csd->sslBumpMode == Ssl::bumpPeek || csd->sslBumpMode == Ssl::bumpStare) {
auto clientSession = fd_table[clientConn->fd].ssl.get();
Must(clientSession);
const Comm::ConnectionPointer &aClientConn,
AsyncCall::Pointer &aCallback,
const AccessLogEntryPointer &alp,
- const time_t timeout = 0) :
- AsyncJob("Ssl::PeekingPeerConnector"),
- Security::PeerConnector(aServerConn, aCallback, alp, timeout),
- clientConn(aClientConn),
- splice(false),
- serverCertificateHandled(false)
- {
- request = aRequest;
- }
+ time_t timeout = 0);
/* Security::PeerConnector API */
virtual bool initialize(Security::SessionPointer &);