From 334cf3e013392c40c47da5107b73b03706c95bc1 Mon Sep 17 00:00:00 2001
From: Alex Rousskov
Date: Mon, 6 Jul 2020 08:04:31 +0000
Subject: [PATCH] Honor on_unsupported_protocol for intercepted https_port (#689)
... when Squid discovers a non-TLS client while parsing its handshake. For https_port traffic, ConnStateData::switchToHttps() relies on start() to set preservingClientData_ correctly, but shouldPreserveClientData(), called by start() to set preservingClientData_, was not preserving TLS bytes in the https_port start() context. Typical debug messages: parseTlsHandshake: Got something other than TLS ... Cannot SslBump tunnelOnError: may have forgotten client data; send error: 40
---
 src/client_side.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/client_side.cc b/src/client_side.cc
index fb5342ab3e..606fda71c9 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -4068,8 +4068,8 @@ ConnStateData::shouldPreserveClientData() const
 return true;
 #endif
- // the 1st HTTP request on a connection to a plain intercepting port
- if (!pipeline.nrequests && !port->secure.encryptTransport && transparent())
+ // the 1st HTTP(S) request on a connection to an intercepting port
+ if (!pipeline.nrequests && transparent())
 return true;
 return false;
-- 
2.47.2
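Review bot: The rewritten comment above the `if` says which connections qualify but not why https_port is now included, and that reason cannot be read off the condition itself. Per the commit message, switchToHttps() depends on start() having set preservingClientData_ so that the bytes of a non-TLS client are still available to on_unsupported_protocol; I would record that in place, e.g. `// the 1st HTTP(S) request on a connection to an intercepting port; https_port is included because switchToHttps() relies on start() to set preservingClientData_`. Because the port's encryptTransport setting no longer gates this branch, every first request on an intercepted connection now keeps its raw client bytes, so it is worth confirming, outside this hunk, that the preserved buffer stays bounded by the existing request-size limits. The body of shouldPreserveClientData() starts before the hunk.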