From: Christos Tsantilas
Date: Sat, 25 Feb 2017 05:50:14 +0000 (+1300)
Subject: Fix regression in CONNECT authentication after rev.14142
X-Git-Tag: SQUID_3_5_25~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4145b19f447b7ed0e4483ea9ea663224775ea0e6;p=thirdparty%2Fsquid.git
Fix regression in CONNECT authentication after rev.14142
---
diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 59296de841..d65ba2c4c7 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -1442,13 +1442,6 @@ ClientRequestContext::sslBumpAccessCheck()
 return false;
 }
- if (error) {
- debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
- http->sslBumpNeed(Ssl::bumpBump);
- http->al->ssl.bumpMode = Ssl::bumpBump;
- return false;
- }
-
 // Do not bump during authentication: clients would not proxy-authenticate
 // if we delay a 407 response and respond with 200 OK to CONNECT.
 if (error && error->httpStatus == Http::scProxyAuthenticationRequired) {
@@ -1457,6 +1450,13 @@ ClientRequestContext::sslBumpAccessCheck()
 return false;
 }
+ if (error) {
+ debugs(85, 5, "SslBump applies. Force bump action on error " << err_type_str[(error->type >= ERR_NONE && error->type < ERR_MAX) ? error->type : ERR_NONE]);
+ http->sslBumpNeed(Ssl::bumpBump);
+ http->al->ssl.bumpMode = Ssl::bumpBump;
+ return false;
+ }
+
 debugs(85, 5, HERE << "SslBump possible, checking ACL");
 ACLFilledChecklist *aclChecklist = clientAclChecklistCreate(Config.accessList.ssl_bump, http);
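Review bot: The generic `if (error)` branch re-added in the second hunk is only correct because it now sits below the `Http::scProxyAuthenticationRequired` check, and nothing in the new code records that ordering constraint. Placed first, it forces `Ssl::bumpBump` for every error, including the 407, which is the case the existing comment says leaves clients unable to proxy-authenticate. I would add a comment directly above the re-added block, for example `// Keep after the 407 check above: forcing a bump here would replace the proxy-authentication challenge.` Alternatively, fold both cases into a single `if (error)` with the 407 case handled first, so a later reorder cannot reintroduce the regression. sslBumpAccessCheck() begins and ends outside both hunks, so any effect of the earlier returns on this path is not visible here.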