]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
projects / thirdparty / squid.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1a8877f)
Bug 4293: wrong SNI sent to server after URL-rewrite
authorAlex Wu <alex_wu2012@hotmail.com>
Sat, 1 Aug 2015 05:59:31 +0000 (22:59 -0700)
committerAmos Jeffries <squid3@treenet.co.nz>
Sat, 1 Aug 2015 05:59:31 +0000 (22:59 -0700)
src/ssl/PeerConnector.cc patch | blob | blame | history

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index d5deac9c4da7aa854a6d836ab173f4a5c57f5faf..e20b3cca7b74fc0ad6a9dc4e75f74d4503a70e13 100644 (file)
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -189,8 +189,13 @@ Ssl::PeerConnector::initializeSsl()
 
             // Use SNI TLS extension only when we connect directly
             // to the origin server and we know the server host name.
-            const char *sniServer = hostName ? hostName->c_str() :
-                                    (!request->GetHostIsNumeric() ? request->GetHost() : NULL);
+            const char *sniServer = NULL;
+            const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host;
+            if (!hostName || redirected)
+                sniServer = !request->GetHostIsNumeric() ? request->GetHost() : NULL;
+            else
+                sniServer = hostName->c_str();
+
             if (sniServer)
                 Ssl::setClientSNI(ssl, sniServer);
         }
Mirror of https://github.com/squid-cache/squid.git