From: Christos Tsantilas
Date: Fri, 20 Apr 2012 17:23:04 +0000 (+0300)
Subject: Cert adaptation algorithms: skip ACL checks if they are not realy needed
X-Git-Tag: BumpSslServerFirst.take08~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a06042fa72920ee3dd5f36bd906191c773e6bd42;p=thirdparty%2Fsquid.git
Cert adaptation algorithms: skip ACL checks if they are not realy needed
Skip ACLs checks for algorithms that we know are going to be ignored because they matched once already.
---
diff --git a/src/client_side.cc b/src/client_side.cc
index 4f5542e047..be95b534c9 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3703,21 +3703,27 @@ void ConnStateData::buildSslCertGenerationParams(Ssl::CertificateProperties &cer
 checklist.sslErrorList = cbdataReference(sslServerBump->bumpSslErrorNoList);
 for (sslproxy_cert_adapt *ca = Config.ssl_client.cert_adapt; ca != NULL; ca = ca->next) {
+ // If the algorithm already set ignore.
+ if ((ca->alg == Ssl::algSetCommonName && certProperties.setCommonName) ||
+ (ca->alg == Ssl::algSetValidAfter && certProperties.setValidAfter) ||
+ (ca->alg == Ssl::algSetValidBefore && certProperties.setValidBefore) )
+ continue;
+
 if (ca->aclList && checklist.fastCheck(ca->aclList) == ACCESS_ALLOWED) {
 const char *alg = Ssl::CertAdaptAlgorithmStr[ca->alg];
 const char *param = ca->param;
 // if not param defined for Common Name adaptation use hostname from
 // the CONNECT request
- if (ca->alg == Ssl::algSetCommonName && !certProperties.setCommonName) {
+ if (ca->alg == Ssl::algSetCommonName) {
 if (!param)
 param = sslConnectHostOrIp.termedBuf();
 certProperties.commonName = param;
 certProperties.setCommonName = true;
 }
- else if(ca->alg == Ssl::algSetValidAfter && !certProperties.setValidAfter)
+ else if(ca->alg == Ssl::algSetValidAfter)
 certProperties.setValidAfter = true;
- else if(ca->alg == Ssl::algSetValidBefore && !certProperties.setValidBefore)
+ else if(ca->alg == Ssl::algSetValidBefore)
 certProperties.setValidBefore = true;
 debugs(33, 5, HERE << "Matches certificate adaptation aglorithm: " <<
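Review bot: The added comment `// If the algorithm already set ignore.` above the early `continue` does not state the invariant it now enforces, and with the `!certProperties.set...` guards removed from the branches below, that `continue` is the only thing keeping "first matching rule per algorithm wins". Since this decides which common name and validity handling go into the generated certificate, I would spell it out: `// First matching rule per algorithm wins: skip later rules for an algorithm that already matched, without evaluating their ACLs.` The skip condition repeats the three algorithm/flag pairs handled in the branches, so an algorithm added later must be listed in both places or a later rule could overwrite an earlier match. Whether any ACL in these lists relies on being evaluated for every rule cannot be judged from this hunk; the function and the `debugs(...)` statement continue outside it.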