From 0362b68a48335dbecbdbd1cb1f346ec73ba94826 Mon Sep 17 00:00:00 2001
From: Fabian Keil <fk@fabiankeil.de>
Date: Sat, 22 Feb 2020 14:38:16 +0100
Subject: [PATCH] Don't crash when blocking a CONNECT request with https
 filtering enabled

Previously ssl_send_data() was called before the TLS context was
setup which resulted in a segfault in mbedtls_ssl_get_max_frag_len().
---
 jcc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/jcc.c b/jcc.c
index 654822af..591edd71 100644
--- a/jcc.c
+++ b/jcc.c
@@ -3611,9 +3611,12 @@ static void chat(struct client_state *csp)
    build_request_line(csp, fwd, &csp->headers->first->str);
 
    /*
-    * We have a request. Check if one of the crunchers wants it.
+    * We have a request. Check if one of the crunchers wants it
+    * unless the client wants to use TLS/SSL in which case we
+    * haven't setup the TLS context yet and will send the crunch
+    * response later.
     */
-   if (crunch_response_triggered(csp, crunchers_all))
+   if (!client_use_ssl(csp) && crunch_response_triggered(csp, crunchers_all))
    {
       /*
        * Yes. The client got the crunch response and we're done here.
-- 
2.39.2