------------------------------------------------------------
revno: 12331
revision-id: chtsanti@users.sourceforge.net-20120925135844-zz81oufeby1oe9fx
parent: chtsanti@users.sourceforge.net-20120925134925-mal9l1bd2atee9k4
committer: Christos Tsantilas <chtsanti@users.sourceforge.net>
branch nick: trunk
timestamp: Tue 2012-09-25 16:58:44 +0300
message:
  SslBump stuck after error  
  
  When bump-server-first code in trunk encounters a certificate validation error,
  the corresponding CONNECT transaction gets stuck.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: chtsanti@users.sourceforge.net-20120925135844-\
#   zz81oufeby1oe9fx
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# testament_sha1: e46667ca44f24fbe7a888dbac31e9ead845ee554
# timestamp: 2012-09-25 14:52:28 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# base_revision_id: chtsanti@users.sourceforge.net-20120925134925-\
#   mal9l1bd2atee9k4
# 
# Begin patch
=== modified file 'src/forward.cc'
--- src/forward.cc	2012-09-25 13:46:57 +0000
+++ src/forward.cc	2012-09-25 13:58:44 +0000
@@ -214,6 +214,12 @@
             assert(err);
             errorAppendEntry(entry, err);
             err = NULL;
+#if USE_SSL
+            if (request->flags.sslPeek && request->clientConnectionManager.valid()) {
+                CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
+                             ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL));
+            }
+#endif
         } else {
             EBIT_CLR(entry->flags, ENTRY_FWD_HDR_WAIT);
             entry->complete();
@@ -369,14 +375,6 @@
             ErrorState *anErr = new ErrorState(ERR_CANNOT_FORWARD, HTTP_INTERNAL_SERVER_ERROR, request);
             fail(anErr);
         } // else use actual error from last connection attempt
-#if USE_SSL
-        if (request->flags.sslPeek && request->clientConnectionManager.valid()) {
-            errorAppendEntry(entry, err); // will free err
-            err = NULL;
-            CallJobHere1(17, 4, request->clientConnectionManager, ConnStateData,
-                         ConnStateData::httpsPeeked, Comm::ConnectionPointer(NULL));
-        }
-#endif
         self = NULL;       // refcounted
     }
 }
@@ -828,7 +826,6 @@
     // The list is used in ssl_verify_cb() and is freed in ssl_free().
     if (acl_access *acl = Config.ssl_client.cert_error) {
         ACLFilledChecklist *check = new ACLFilledChecklist(acl, request, dash_str);
-        check->fd(fd);
         SSL_set_ex_data(ssl, ssl_ex_index_cert_error_check, check);
     }