From: Alex Wu Date: Sat, 1 Aug 2015 03:50:37 +0000 (-0700) Subject: Bug 4293: wrong SNI sent to server after URL-rewrite X-Git-Tag: merge-candidate-3-v1~10^2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c52a46930129466e6c0ae3a5c82eadeb59bb463f;p=thirdparty%2Fsquid.git Bug 4293: wrong SNI sent to server after URL-rewrite --- diff --git a/ChangeLog b/ChangeLog index e82c2f01be..affee9d18f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ Changes to squid-3.5.7 (01 Aug 2015): + - Bug 4293: wrong SNI sent to server after URL-rewrite - Bug 4251: incorrect instance name for memory segments in /dev/shm - Bug 4227: invalid key in AuthUserHashPointer causing assertation failure - Bug 3345: support %un (any available user name) format code for external ACLs. diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc index c4d53fabbe..10c7ed6e47 100644 --- a/src/ssl/PeerConnector.cc +++ b/src/ssl/PeerConnector.cc @@ -678,8 +678,13 @@ Ssl::PeekingPeerConnector::initializeSsl() // Use SNI TLS extension only when we connect directly // to the origin server and we know the server host name. - const char *sniServer = hostName ? hostName->c_str() : - (!request->url.hostIsNumeric() ? request->url.host() : NULL); + const char *sniServer = NULL; + const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host; + if (!hostName || redirected) + sniServer = !request->url.hostIsNumeric() ? request->url.host() : NULL; + else + sniServer = hostName->c_str(); + if (sniServer) Ssl::setClientSNI(ssl, sniServer); }
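Review bot: With `redirected` true the SNI name is now taken from `request->url.host()` rather than `hostName`, but this hunk does not show whether the name checked against the server certificate follows the same choice. That code lies in the part of `initializeSsl()` outside the hunk, so it is worth confirming it is not still keyed to `hostName`; otherwise the name sent in SNI and the name verified could disagree after a rewrite. The existing comment above `sniServer` also no longer explains the precedence, so I would add `// After a host-changing URL-rewrite, prefer the rewritten URL host over hostName for SNI.` before `if (!hostName || redirected)`. The same comment could say that a rewrite to a numeric host sends no SNI even when `hostName` is set, which looks intended but is not stated.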