Fix connections over plain squid port to SSL origins

After the "Restrict SslBump inspections of cache_peer connections"/r14425 patch
https requests over plain proxy port (eg. "GET https://www.example.com/" on
http_port) does not work any more.
This is because the BlindPeerConnector class, which used now for any connection
to the https peers or servers designed initialy to work with cache_peer
connections.

This small patch fix Ssl::BlindPeerConnector to initiate SSL connections
destined to origin SSL servers.

This is a Measurement Factory project.

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index ce5b7a899cbf5ae6d4d34bd34252b4be36e8ce21..17ae06a7ea7ddfc4b1bd50ca9d6321d8e5b4fad8 100644 (file)
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -597,7 +597,7 @@ Ssl::BlindPeerConnector::getSslContext()
         Security::ContextPtr sslContext(peer->sslContext);
         return sslContext;
     }
-    return nullptr;
+    return ::Config.ssl_client.sslContext;
 }
 
 SSL *
@@ -607,18 +607,22 @@ Ssl::BlindPeerConnector::initializeSsl()
     if (!ssl)
         return NULL;
 
-    const CachePeer *peer = serverConnection()->getPeer();
-    assert(peer);
+    if (const CachePeer *peer = serverConnection()->getPeer()) {
+        assert(peer);
 
-    // NP: domain may be a raw-IP but it is now always set
-    assert(!peer->secure.sslDomain.isEmpty());
+        // NP: domain may be a raw-IP but it is now always set
+        assert(!peer->secure.sslDomain.isEmpty());
 
-    // const loss is okay here, ssl_ex_index_server is only read and not assigned a destructor
-    SBuf *host = new SBuf(peer->secure.sslDomain);
-    SSL_set_ex_data(ssl, ssl_ex_index_server, host);
+        // const loss is okay here, ssl_ex_index_server is only read and not assigned a destructor
+        SBuf *host = new SBuf(peer->secure.sslDomain);
+        SSL_set_ex_data(ssl, ssl_ex_index_server, host);
 
-    if (peer->sslSession)
-        SSL_set_session(ssl, peer->sslSession);
+        if (peer->sslSession)
+            SSL_set_session(ssl, peer->sslSession);
+    } else {
+        SBuf *hostName = new SBuf(request->url.host());
+        SSL_set_ex_data(ssl, ssl_ex_index_server, (void*)hostName);
+    }
 
     return ssl;
 }