src/patches/squid/squid-3.5-14143.patch

   1 ------------------------------------------------------------
   2 revno: 14143
   3 revision-id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
   4 parent: squid3@treenet.co.nz-20170208054033-pxqn8rs4yu713ijq
   5 author: Christos Tsantilas <chtsanti@users.sourceforge.net>
   6 committer: Amos Jeffries <squid3@treenet.co.nz>
   7 branch nick: 3.5
   8 timestamp: Sat 2017-02-25 18:50:14 +1300
   9 message:
  10   Fix regression in CONNECT authentication after rev.14142
  11 ------------------------------------------------------------
  12 # Bazaar merge directive format 2 (Bazaar 0.90)
  13 # revision_id: squid3@treenet.co.nz-20170225055014-j7v5xax13u4jddr9
  14 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
  15 # testament_sha1: bedc99ffdffd1e999c98c33faa830d4e9d1fc01d
  16 # timestamp: 2017-02-25 05:51:22 +0000
  17 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
  18 # base_revision_id: squid3@treenet.co.nz-20170208054033-\
  19 #   pxqn8rs4yu713ijq
  20 #
  21 # Begin patch
  22 === modified file 'src/client_side_request.cc'
  23 --- src/client_side_request.cc  2017-02-08 05:40:33 +0000
  24 +++ src/client_side_request.cc  2017-02-25 05:50:14 +0000
  25 @@ -1442,6 +1442,14 @@
  26          return false;
  27      }
  28
  29 +    // Do not bump during authentication: clients would not proxy-authenticate
  30 +    // if we delay a 407 response and respond with 200 OK to CONNECT.
  31 +    if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
  32 +        http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
  33 +        debugs(85, 5, HERE << "no SslBump during proxy authentication");
  34 +        return false;
  35 +    }
  36 +
  37      if (error) {
  38          debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
  39          http->sslBumpNeed(Ssl::bumpBump);
  40 @@ -1449,14 +1457,6 @@
  41          return false;
  42      }
  43
  44 -    // Do not bump during authentication: clients would not proxy-authenticate
  45 -    // if we delay a 407 response and respond with 200 OK to CONNECT.
  46 -    if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
  47 -        http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
  48 -        debugs(85, 5, HERE << "no SslBump during proxy authentication");
  49 -        return false;
  50 -    }
  51 -
  52      debugs(85, 5, HERE << "SslBump possible, checking ACL");
  53
  54      ACLFilledChecklist *aclChecklist = clientAclChecklistCreate(Config.accessList.ssl_bump, http);
  55