From: Amos Jeffries <amosjeffries@squid-cache.org>
Date: Mon, 16 Apr 2018 22:02:25 +0000 (+1200)
Subject: Skip ssl_bump ACL checks for internal requests
X-Git-Tag: SQUID_3_5_28~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afcff5ec02ea196704a0f40014b21a53911b4e17;p=thirdparty%2Fsquid.git

Skip ssl_bump ACL checks for internal requests
---

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 203f89d469..7fb58c276e 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -1419,6 +1419,11 @@ ClientRequestContext::checkNoCacheDone(const allow_t &answer)
 bool
 ClientRequestContext::sslBumpAccessCheck()
 {
+    if (!http->getConn()) {
+        http->al->ssl.bumpMode = Ssl::bumpEnd; // SslBump does not apply; log -
+        return false;
+    }
+
     // If SSL connection tunneling or bumping decision has been made, obey it.
     const Ssl::BumpMode bumpMode = http->getConn()->sslBumpMode;
     if (bumpMode != Ssl::bumpEnd) {