From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sat, 7 May 2011 05:57:04 +0000 (-0600)
Subject: Only ssl-bump CONNECT requests if they are about to be tunneled.
X-Git-Tag: SQUID_3_1_12_2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed96956e7cb5d3daae9530496cc4bfab2cc1a73e;p=thirdparty%2Fsquid.git

Only ssl-bump CONNECT requests if they are about to be tunneled.

Currently all CONNECT requests are bumped, even if the redirectors have
determined a 3xx, 4xx or 5xx reply should happen.

Adapters and access controls use their own duplicated reply paths unaffected
by this bug at present.
---

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 56e935a27f..f4c03211e5 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -1110,14 +1110,13 @@ ClientHttpRequest::processRequest()
 {
     debugs(85, 4, "clientProcessRequest: " << RequestMethodStr(request->method) << " '" << uri << "'");
 
+    if (request->method == METHOD_CONNECT && !redirect.status) {
 #if USE_SSL
-    if (request->method == METHOD_CONNECT && sslBumpNeeded()) {
-        sslBumpStart();
-        return;
-    }
+        if (sslBumpNeeded()) {
+            sslBumpStart();
+            return;
+        }
 #endif
-
-    if (request->method == METHOD_CONNECT && !redirect.status) {
         logType = LOG_TCP_MISS;
         getConn()->stopReading(); // tunnels read for themselves
         tunnelStart(this, &out.size, &al.http.code);