If we re-pin, we must re-initialize SSL.

The latest merge-from-trunk broke this logic because it disabled SSL
initialization for pinned connections.

diff --git a/src/forward.cc b/src/forward.cc
index ff2b36414db03f57c8b08817506b7fa0cdc7b5e6..0b425521497c292d9cd7bd3956e0be813e3cd910 100644 (file)
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -836,7 +836,10 @@ FwdState::connectDone(const Comm::ConnectionPointer &conn, comm_err_t status, in
     if (serverConnection()->getPeer())
         peerConnectSucceded(serverConnection()->getPeer());
 
-    if (request->flags.canRePin && request->clientConnectionManager.valid()) {
+    // some requests benefit from pinning but do not require it and can "repin"
+    const bool rePin = request->flags.canRePin &&
+        request->clientConnectionManager.valid();
+    if (rePin) {
         debugs(17, 3, HERE << "repinning " << serverConn);
         request->clientConnectionManager->pinConnection(serverConn,
             request, serverConn->getPeer(), request->flags.auth);
@@ -844,7 +847,7 @@ FwdState::connectDone(const Comm::ConnectionPointer &conn, comm_err_t status, in
     }
 
 #if USE_SSL
-    if (!request->flags.pinned) {
+    if (!request->flags.pinned || rePin) {
         if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) ||
                 (!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) ||
                 request->flags.sslPeek) {