From 35178e02c054eff272e6eb172f33dc4cdb907c5a Mon Sep 17 00:00:00 2001
From: Christos Tsantilas
Date: Tue, 5 Aug 2014 13:41:26 +0300
Subject: [PATCH] peek-and-splice: Fix stare mode
- For peek mode we need to always forward client hello message
- For stare mode we must forward client hello message only if we can mimic all of the client SSL features, else we should sent a new SSL hello message.
---
 src/ssl/bio.cc | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 75cee5a5c1..6917397091 100644
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -452,13 +452,16 @@ Ssl::ServerBio::write(const char *buf, int size, BIO *table)
 if (adjustSSL(ssl, clientFeatures, true))
 allowBump = true;
 allowSplice = true;
+ helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+ debugs(83, 7, "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for peek mode");
 } else { /*Ssl::bumpStare*/
 allowBump = true;
- if (adjustSSL(ssl, clientFeatures, false))
+ if (adjustSSL(ssl, clientFeatures, false)) {
 allowSplice = true;
+ helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
+ debugs(83, 7, "SSL HELLO message for FD " << fd_ << ": Random number is adjusted for stare mode");
+ }
 }
- helloMsg.append(clientFeatures.helloMessage.content(), clientFeatures.helloMessage.contentSize());
- debugs(83, 7, "SSL HELLO message for FD " << fd_ << ": Random number is adjusted");
 }
 }
 // If we do not build any hello message, copy the current
--
2.47.3
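Review bot: In the stare branch, a failed `adjustSSL(ssl, clientFeatures, false)` now leaves `helloMsg` untouched and `allowSplice` unchanged without any trace, so the log cannot show why a connection lost the option to splice and fell through to the "If we do not build any hello message" path. I would add an `else` arm with `debugs(83, 7, "SSL HELLO message for FD " << fd_ << ": client features cannot be mimicked, splice not allowed for stare mode");` so the bump-only decision is auditable. The peek branch has the opposite problem: its "Random number is adjusted for peek mode" message is printed whether or not `adjustSSL(ssl, clientFeatures, true)` returned true, which presumably means the adjustment may not have been applied; wording it around the forwarded client hello would be more accurate. `Ssl::ServerBio::write` starts and ends outside this hunk, so the mode check that selects between these branches is not visible here.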