From 819c207f6625f05171c29346aeb622ed1fb92e5f Mon Sep 17 00:00:00 2001
From: Alex Rousskov
Date: Thu, 15 Dec 2011 12:19:53 -0700
Subject: [PATCH] Use CN from the peeked certificate to generate a fake certificate.

---
 src/client_side.cc | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/client_side.cc b/src/client_side.cc
index 636455d166..37a9d9d86b 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3679,11 +3679,26 @@ void ConnStateData::httpsPeeked(Comm::ConnectionPointer serverConnection)
 {
     Must(httpsPeeker.set());
-    // XXX: handle httpsPeeker errors
-
+
+    /* XXX: handle httpsPeeker errors instead of asserting there are none */
+    assert(Comm::IsConnOpen(serverConnection));
+    SSL *ssl = fd_table[serverConnection->fd].ssl;
+    assert(ssl);
+    Ssl::X509_Pointer serverCert(SSL_get_peer_certificate(ssl));
+    assert(serverCert.get() != NULL);
+
+    char name[256] = ""; // stores common name (CN)
+    // TODO: What if CN is a UTF8String? See X509_NAME_get_index_by_NID(3ssl).
+    const int nameLen = X509_NAME_get_text_by_NID(
+        X509_get_subject_name(serverCert.get()),
+        NID_commonName, name, sizeof(name));
+    assert(0 < nameLen && nameLen < static_cast(sizeof(name)));
+    debugs(33, 5, HERE << "found HTTPS server " << name << " at bumped " <<
+           *serverConnection);
+    sslHostName = name;
+
     pinConnection(serverConnection, NULL, NULL, false);
-    // XXX: change sslHostName based on httpsPeeker results
     debugs(33, 5, HERE << "bumped HTTPS server: " << sslHostName);
     httpsPeeker.clear();
     getSslContextStart();
-- 
2.47.3
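Review bot: The `assert(0 < nameLen && nameLen < static_cast<int>(sizeof(name)))` line turns properties of the remote server's certificate into a process abort: a certificate with no CN at all (SAN-only certificates are legitimate) or a CN of 255 or more bytes makes `X509_NAME_get_text_by_NID` return -1 or fill the buffer, and the proxy dies on peer-supplied data rather than failing the one bump. The same applies to `assert(serverCert.get() != NULL)` when the server presents no certificate; the new `/* XXX ... */` comment acknowledges the peeker-error case but the certificate-content asserts are a separate, reachable path. These should become the error handling the XXX promises, or at least `Must()` so the failure stays local to this request, e.g. `Must(serverCert.get() != NULL);` and `Must(0 < nameLen && nameLen < static_cast<int>(sizeof(name)));`. A CN containing an embedded NUL byte also makes `name` shorter than `nameLen` without tripping the length check, so the check should additionally require `strlen(name) == static_cast<size_t>(nameLen)` before `sslHostName = name` uses the truncated string as the host name for the generated certificate. The function body ends outside the hunk, so whether a later step validates `sslHostName` cannot be seen here.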