The following Squid configuration uses a src ACL with sslproxy_cert_error:
acl me src 172.16.101.51
sslproxy_cert_error allow me
Cache log shows that the source IP address is missing when the 'me' ACL
is checked for sslproxy_cert_error:
| ACL::checklistMatches: checking 'me'
| aclIpAddrNetworkCompare: compare: *[::]/[ff...ff] ([::])* vs ...
| aclIpMatchIp: '[::]' NOT found
The problem is that HttpRequest::client_addr is not set for the fake
HTTPS request created to initiate the bump-server-first procedure.
fakeRequest->port = port;
fakeRequest->protocol = AnyP::PROTO_HTTPS;
fakeRequest->clientConnectionManager = this;
+ fakeRequest->client_addr = clientConnection->remote;
+#if FOLLOW_X_FORWARDED_FOR
+ fakeRequest->indirect_client_addr = clientConnection->remote;
+#endif
+ fakeRequest->my_addr = clientConnection->local;
sslServerBump = new Ssl::ServerBump(fakeRequest);
// will call httpsPeeked() with certificate and connection, eventually
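Review bot: the new assignments to fakeRequest->client_addr, indirect_client_addr and my_addr have no comment explaining why a locally built request needs connection addresses. A one-line comment above them would protect them from later cleanup, for example noting that ACLs checked during bump-server-first (such as a src ACL under sslproxy_cert_error) read these fields. Inside the FOLLOW_X_FORWARDED_FOR block, indirect_client_addr is set to the same clientConnection->remote value as client_addr; if that is intentional because the fake request has no forwarded-for information to evaluate, say so in the comment so access decisions based on the indirect address are not assumed to reflect anything other than the direct peer.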