This patch makes Squid ssl-bump a CONNECT request only if it is about
to be tunneled.
Currently all CONNECT requests are bumped, even if the redirectors and
adaptors have determined a 3xx, 4xx or 5xx reply should happen.
Whether Squid should be reaching this part of the code when a reply is
known is out of scope for this fix. This logic change needs to happen
anyway.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.12
Beta testers wanted for 3.2.0.7 and 3.1.12.1
=== modified file 'src/client_side_request.cc'
--- src/client_side_request.cc 2011-03-24 15:48:34 +0000
+++ src/client_side_request.cc 2011-05-06 14:55:46 +0000
@@ -1121,14 +1121,13 @@
{
debugs(85, 4, "clientProcessRequest: " << RequestMethodStr(request->method) << " '" << uri << "'");
-#if USE_SSL
- if (request->method == METHOD_CONNECT && sslBumpNeeded()) {
- sslBumpStart();
- return;
- }
-#endif
-
if (request->method == METHOD_CONNECT && !redirect.status) {
+#if USE_SSL
+ if (sslBumpNeeded()) {
+ sslBumpStart();
+ return;
+ }
+#endif
logType = LOG_TCP_MISS;
getConn()->stopReading(); // tunnels read for themselves
tunnelStart(this, &out.size, &al.http.code);
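Review bot: With the bump nested here, `!redirect.status` is the only condition that keeps a CONNECT from being bumped. The description also names adaptors as a source of 3xx/4xx/5xx replies, but nothing in the hunk shows that an adaptation-generated reply sets `redirect.status`, so that case should be confirmed or given its own check. The reason for the nesting is worth recording above the `#if USE_SSL` line, e.g. `// Bump only CONNECTs that would otherwise be tunneled; a pending redirect or error reply must reach the client instead.` The path a CONNECT takes when `redirect.status` is set continues below the hunk and is not visible here.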