------------------------------------------------------------
revno: 12329
revision-id: chtsanti@users.sourceforge.net-20120925134657-9snxbe2vnod37u1k
parent: chtsanti@users.sourceforge.net-20120925134254-f3rumu2f7jh8xmio
committer: Christos Tsantilas <chtsanti@users.sourceforge.net>
branch nick: trunk
timestamp: Tue 2012-09-25 16:46:57 +0300
message:
  Undo/uncommit the r12328 patch 
   
  The documentation is wrong and should applied as separate patches
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: chtsanti@users.sourceforge.net-20120925134657-\
#   9snxbe2vnod37u1k
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# testament_sha1: b3b052ec58ec5083d56f16e8368766e02e4cdc13
# timestamp: 2012-09-25 13:53:02 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# base_revision_id: chtsanti@users.sourceforge.net-20120925134254-\
#   f3rumu2f7jh8xmio
# 
# Begin patch
=== modified file 'src/acl/FilledChecklist.h'
--- src/acl/FilledChecklist.h	2012-09-25 13:42:54 +0000
+++ src/acl/FilledChecklist.h	2012-09-25 13:46:57 +0000
@@ -27,15 +27,14 @@
     ~ACLFilledChecklist();
 
 public:
-    /// The client connection manager
     ConnStateData * conn() const;
 
-    /// The client side fd. It uses conn() if available
+    /// uses conn() if available
     int fd() const;
 
     /// set either conn
     void conn(ConnStateData *);
-    /// set the client side FD
+    /// set FD
     void fd(int aDescriptor);
 
     //int authenticated();

=== modified file 'src/client_side.cc'
--- src/client_side.cc	2012-09-25 13:42:54 +0000
+++ src/client_side.cc	2012-09-25 13:46:57 +0000
@@ -2516,6 +2516,8 @@
 
             ACLFilledChecklist check(Config.ssl_client.cert_error, request, dash_str);
             check.sslErrors = new Ssl::Errors(SQUID_X509_V_ERR_DOMAIN_MISMATCH);
+            if (Comm::IsConnOpen(pinning.serverConnection))
+                check.fd(pinning.serverConnection->fd);
             const bool allowDomainMismatch =
                 check.fastCheck() == ACCESS_ALLOWED;
             delete check.sslErrors;

=== modified file 'src/forward.cc'
--- src/forward.cc	2012-09-25 13:42:54 +0000
+++ src/forward.cc	2012-09-25 13:46:57 +0000
@@ -214,12 +214,6 @@
             assert(err);
             errorAppendEntry(entry, err);
             err = NULL;
-#if USE_SSL
-            if (request->flags.sslPeek && request->clientConnectionManager.valid()) {
-                CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
-                             ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL));
-            }
-#endif
         } else {
             EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
             entry->complete();
@@ -375,6 +369,14 @@
             ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, HTTP_INTERNAL_SERVER_ERROR, request);
             fail(anErr);
         } // else use actual error from last connection attempt
+#if USE_SSL
+        if (request->flags.sslPeek && request->clientConnectionManager.valid()) {
+            errorAppendEntry(entry, err); // will free err
+            err = NULL;
+            CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
+                         ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL));
+        }
+#endif
         self = NULL;       // refcounted
     }
 }
@@ -826,6 +828,7 @@
     // The list is used in ssl_verify_cb() and is freed in ssl_free().
     if (acl_access *acl = Config.ssl_client.cert_error) {
         ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str);
+        check->fd(fd);
         SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check);
     }