process_encrypted_request(): Use the MESSED_UP_REQUEST_RESPONSE when the rewritten...

[privoxy.git] / jcc.c

diff --git a/jcc.c b/jcc.c
index 04fd5b6..c824d94 100644 (file)
--- a/jcc.c
+++ b/jcc.c
@@ -1044,6 +1044,16 @@ static jb_err change_request_destination(struct client_state *csp)
       log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
          jb_err_to_string(err));
    }
+   if (http->ssl && strcmpic(csp->http->gpc, "CONNECT"))
+   {
+      /*
+       * A client header filter changed the request URL from
+       * http:// to https:// which we currently don't support.
+       */
+      log_error(LOG_LEVEL_ERROR, "Changing the request destination from http "
+         "to https behind the client's back currently isn't supported.");
+      return JB_ERR_PARSE;
+   }
 
    return err;
 }
@@ -2805,7 +2815,8 @@ static jb_err process_encrypted_request(struct client_state *csp)
       log_error(LOG_LEVEL_ERROR,
          "Failed to get the request destination in the rewritten headers");
       ssl_send_data_delayed(&(csp->ssl_client_attr),
-         (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp));
+         (const unsigned char *)MESSED_UP_REQUEST_RESPONSE,
+         strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp));
       return JB_ERR_PARSE;
    }
 
@@ -4256,7 +4267,7 @@ static void chat(struct client_state *csp)
       }
 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
 #ifdef FEATURE_HTTPS_INSPECTION
-      if (http->ssl && !use_ssl_tunnel)
+      if (client_use_ssl(csp) && !use_ssl_tunnel)
       {
          int ret;
          /*