From: Alex Rousskov Date: Wed, 14 Dec 2011 17:59:23 +0000 (-0700) Subject: Allow intercepted SSL connections to be bumped, X-Git-Tag: BumpSslServerFirst.take01~5 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4090b8be71c8a96a50ceafd0ab42b16375c1c139;p=thirdparty%2Fsquid.git Allow intercepted SSL connections to be bumped, in addition to the tproxied SSL connections.
---
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 0234ec13fd..ac9a8a7394 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -4054,13 +4054,14 @@ parse_https_port_list(https_port_list ** head)
 parse_http_port_option(s, token);
 }
- /* ssl-bump requires tproxy and vice versa */
- if (s->sslBump && !s->spoof_client_ip) {
- debugs(3, DBG_CRITICAL, "FATAL: ssl-bump on https_port requires tproxy which is missing.");
+ /* ssl-bump requires either tproxy or intercepted, and vice versa */
+ const bool hijacked = s->spoof_client_ip || s->intercepted;
+ if (s->sslBump && !hijacked) {
+ debugs(3, DBG_CRITICAL, "FATAL: ssl-bump on https_port requires tproxy/intercepted which is missing.");
 self_destruct();
 }
- if (s->spoof_client_ip && !s->sslBump) {
- debugs(3, DBG_CRITICAL, "FATAL: tproxy on https_port requires ssl-bump which is missing.");
+ if (hijacked && !s->sslBump) {
+ debugs(3, DBG_CRITICAL, "FATAL: tproxy/intercepted on https_port requires ssl-bump which is missing.");
 self_destruct();
 }
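Review bot: Both new FATAL strings name the mode as "tproxy/intercepted", which mirrors the field `s->intercepted` rather than anything an administrator can type on the https_port line. If the squid.conf keyword is `intercept` (it is not visible in this hunk), wording such as `"FATAL: ssl-bump on https_port requires tproxy or intercept which is missing."` would be easier to act on, with the second message changed the same way. Separately, the new comment says "either tproxy or intercepted", but `s->spoof_client_ip || s->intercepted` is also true when both flags are set. If the two modes must not share a port, this check does not enforce that, so the comment should say where it is rejected, e.g. `/* ssl-bump requires tproxy or intercept (their mutual exclusion is checked in <place>), and vice versa */`. parse_https_port_list starts and ends outside the hunk, so the option parsing that sets these flags could not be reviewed here.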