From: Alex Wu <alex_wu2012@hotmail.com>
Date: Sat, 1 Aug 2015 05:59:31 +0000 (-0700)
Subject: Bug 4293: wrong SNI sent to server after URL-rewrite
X-Git-Tag: SQUID_3_5_7~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a1171f0b94378756180147ebe8ad49e07b5aa5dd;p=thirdparty%2Fsquid.git

Bug 4293: wrong SNI sent to server after URL-rewrite
---

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index d5deac9c4d..e20b3cca7b 100644
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -189,8 +189,13 @@ Ssl::PeerConnector::initializeSsl()
 
             // Use SNI TLS extension only when we connect directly
             // to the origin server and we know the server host name.
-            const char *sniServer = hostName ? hostName->c_str() :
-                                    (!request->GetHostIsNumeric() ? request->GetHost() : NULL);
+            const char *sniServer = NULL;
+            const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host;
+            if (!hostName || redirected)
+                sniServer = !request->GetHostIsNumeric() ? request->GetHost() : NULL;
+            else
+                sniServer = hostName->c_str();
+
             if (sniServer)
                 Ssl::setClientSNI(ssl, sniServer);
         }