log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
jb_err_to_string(err));
}
+ if (http->ssl && strcmpic(csp->http->gpc, "CONNECT"))
+ {
+ /*
+ * A client header filter changed the request URL from
+ * http:// to https:// which we currently don't support.
+ */
+ log_error(LOG_LEVEL_ERROR, "Changing the request destination from http "
+ "to https behind the client's back currently isn't supported.");
+ return JB_ERR_PARSE;
+ }
return err;
}
log_error(LOG_LEVEL_ERROR,
"Failed to get the request destination in the rewritten headers");
ssl_send_data_delayed(&(csp->ssl_client_attr),
- (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp));
+ (const unsigned char *)MESSED_UP_REQUEST_RESPONSE,
+ strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp));
return JB_ERR_PARSE;
}
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
#ifdef FEATURE_HTTPS_INSPECTION
- if (http->ssl && !use_ssl_tunnel)
+ if (client_use_ssl(csp) && !use_ssl_tunnel)
{
int ret;
/*