From a1171f0b94378756180147ebe8ad49e07b5aa5dd Mon Sep 17 00:00:00 2001
From: Alex Wu
Date: Fri, 31 Jul 2015 22:59:31 -0700
Subject: [PATCH] Bug 4293: wrong SNI sent to server after URL-rewrite

---
 src/ssl/PeerConnector.cc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index d5deac9c4d..e20b3cca7b 100644
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -189,8 +189,13 @@ Ssl::PeerConnector::initializeSsl()

 // Use SNI TLS extension only when we connect directly
 // to the origin server and we know the server host name.
- const char *sniServer = hostName ? hostName->c_str() :
- (!request->GetHostIsNumeric() ? request->GetHost() : NULL);
+ const char *sniServer = NULL;
+ const bool redirected = request->flags.redirected && ::Config.onoff.redir_rewrites_host;
+ if (!hostName || redirected)
+ sniServer = !request->GetHostIsNumeric() ? request->GetHost() : NULL;
+ else
+ sniServer = hostName->c_str();
+
 if (sniServer)
 Ssl::setClientSNI(ssl, sniServer);
 }
-- 
2.47.2
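Review bot: The `redirected` branch changes only the name handed to `Ssl::setClientSNI()`, so if `hostName` is also the name the server certificate is later checked against (that code is outside this hunk, so this is an assumption to confirm), a rewritten request would send SNI for the new host while validating the certificate against the old one. The SNI name and the verification name should come from the same decision. The new lines also need a comment saying why the client-supplied name is dropped, for example `// After a host-rewriting redirector the client-supplied name no longer identifies the server we connect to; use the rewritten request host for SNI.` The ternary would read more easily without the negation: `sniServer = request->GetHostIsNumeric() ? NULL : request->GetHost();`. `initializeSsl()` starts before and continues past this hunk.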