From: Alex Rousskov
Date: Sun, 5 Feb 2012 21:55:51 +0000 (-0700)
Subject: Use peer certificate to set the requested host name on failures.
X-Git-Tag: BumpSslServerFirst.take05~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=002db1fa46b426e8bcca1943ab8f357a459bf647;p=thirdparty%2Fsquid.git

Use peer certificate to set the requested host name on failures.

Even if an intermediate certificate fails, the "which URL failed" information on the error report should be based on the server certificate CN. Intermediate certificate CN may not even be a host name.
---
diff --git a/src/forward.cc b/src/forward.cc
index 6fe78c7a49..97c30ae5b0 100644
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -675,7 +675,7 @@ FwdState::negotiateSSL(int fd)
 if (request->flags.sslPeek) {
 // If possible, set host name to server certificate CN.
- if (X509 *srvX509 = errDetails->brokenCert()) {
+ if (X509 *srvX509 = errDetails->peerCert()) {
 if (const char *name = Ssl::CommonHostName(srvX509)) {
 request->SetHost(name);
 debugs(83, 3, HERE << "reset request host: " << name);
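Review bot: The name handed to `request->SetHost(name)` comes from `errDetails->peerCert()`, a certificate on a connection that has just failed validation, so the CN is unauthenticated, peer-chosen text, and nothing in the hunk says so. I would extend the existing comment to something like `// CN is from a certificate that failed validation: use it for the error report only, never for access or routing decisions.` Whether `Ssl::CommonHostName()` rejects wildcard or otherwise non-host values is not visible here, so that is worth confirming before the result overwrites the request host. The null check on `errDetails` is also outside the hunk, as are the start and end of `FwdState::negotiateSSL`, so please confirm the dereference is guarded on this path.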