From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Tue, 5 Aug 2014 10:41:26 +0000 (+0300)
Subject: peek-and-splice: Fix stare mode
X-Git-Tag: SQUID_3_5_0_1~89^2~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35178e02c054eff272e6eb172f33dc4cdb907c5a;p=thirdparty%2Fsquid.git

peek-and-splice: Fix stare mode

- For peek mode we need to always forward client hello message
- For stare mode we must forward client hello message only if we can mimic
  all of the client SSL features, else we should sent a new SSL hello message.
---

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 75cee5a5c1..6917397091 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -452,13 +452,16 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
                     if (adjustSSL(ssl, clientFeatures, true))
                         allowBump = true;
                     allowSplice = true;
+                    helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+                    debugs(83, 7,  "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for peek mode");
                 } else { /*Ssl::bumpStare*/
                     allowBump = true;
-                    if (adjustSSL(ssl, clientFeatures, false))
+                    if (adjustSSL(ssl, clientFeatures, false)) {
                         allowSplice = true;
+                        helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+                        debugs(83, 7,  "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for stare mode");
+                    }
                 }
-                helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
-                debugs(83, 7,  "SSL HELLO message for FD " << fd_ << ": Random number is adjusted");
             }
         }
         // If we do not build any hello message, copy the current