From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 20 Jun 2012 23:03:53 +0000 (-0600)
Subject: If we re-pin, we must re-initialize SSL.
X-Git-Tag: BumpSslServerFirst.take09
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=2fd6a58cfa385d3570aedb04c5ae1f9ac73aee47;p=thirdparty%2Fsquid.git

If we re-pin, we must re-initialize SSL.

The latest merge-from-trunk broke this logic because it disabled SSL
initialization for pinned connections.
---

diff --git a/src/forward.cc b/src/forward.cc
index ff2b36414d..0b42552149 100644
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -836,7 +836,10 @@ FwdState::connectDone(const Comm::ConnectionPointer &conn, comm_err_t status, in
     if (serverConnection()->getPeer())
         peerConnectSucceded(serverConnection()->getPeer());
 
-    if (request->flags.canRePin && request->clientConnectionManager.valid()) {
+    // some requests benefit from pinning but do not require it and can "repin"
+    const bool rePin = request->flags.canRePin &&
+        request->clientConnectionManager.valid();
+    if (rePin) {
         debugs(17, 3, HERE << "repinning " << serverConn);
         request->clientConnectionManager->pinConnection(serverConn,
             request, serverConn->getPeer(), request->flags.auth);
@@ -844,7 +847,7 @@ FwdState::connectDone(const Comm::ConnectionPointer &conn, comm_err_t status, in
     }
 
 #if USE_SSL
-    if (!request->flags.pinned) {
+    if (!request->flags.pinned || rePin) {
         if ((serverConnection()->getPeer() && serverConnection()->getPeer()->use_ssl) ||
                 (!serverConnection()->getPeer() && request->protocol == AnyP::PROTO_HTTPS) ||
                 request->flags.sslPeek) {