Bug fix: The SQUID_X509_V_ERR_DOMAIN_MISMATCH error name when used with sslproxy_cert...

author Christos Tsantilas <chtsanti@users.sourceforge.net>

Tue, 31 Jan 2012 20:57:35 +0000 (22:57 +0200)

committer Christos Tsantilas <chtsanti@users.sourceforge.net>

Tue, 31 Jan 2012 20:57:35 +0000 (22:57 +0200)
author Christos Tsantilas <chtsanti@users.sourceforge.net>
Tue, 31 Jan 2012 20:57:35 +0000 (22:57 +0200)
committer Christos Tsantilas <chtsanti@users.sourceforge.net>
Tue, 31 Jan 2012 20:57:35 +0000 (22:57 +0200)
diff --git a/src/client_side.cc b/src/client_side.cc

index afaf08c1d6cfa50cc3cecca74c4c2f55d0039130..1b3c715f6767e0062f71703c4655e97d75bc9fc2 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2477,10 +2477,14 @@ bool ConnStateData::serveDelayedError(ClientSocketContext *context)
              debugs(33, 2, "SQUID_X509_V_ERR_DOMAIN_MISMATCH: Certificate does not match domainname " << request->GetHost());
  
              ACLFilledChecklist check(Config.ssl_client.cert_error, request, dash_str);
+            check.sslErrorList = new Ssl::Errors(SQUID_X509_V_ERR_DOMAIN_MISMATCH);
              if (Comm::IsConnOpen(pinning.serverConnection))
                  check.fd(pinning.serverConnection->fd);
+            bool allowDomainMismatch = (check.fastCheck() == ACCESS_ALLOWED);
+            delete check.sslErrorList;
+            check.sslErrorList = NULL;
  
-            if (check.fastCheck() != ACCESS_ALLOWED) {
+            if (!allowDomainMismatch) {
                  clientStreamNode *node = context->getClientReplyContext();
                  clientReplyContext *repContext = dynamic_cast<clientReplyContext *>(node->data.getRaw());
                  assert (repContext);
author	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Tue, 31 Jan 2012 20:57:35 +0000 (22:57 +0200)
committer	Christos Tsantilas <chtsanti@users.sourceforge.net>
	Tue, 31 Jan 2012 20:57:35 +0000 (22:57 +0200)