=== modified file 'src/client_side.cc'
--- src/client_side.cc	2016-02-02 15:39:23 +0000
+++ src/client_side.cc	2016-02-10 11:22:35 +0000
@@ -3022,6 +3022,10 @@
             auto ssl = fd_table[clientConnection->fd].ssl.get();
             if (!Ssl::configureSSL(ssl, certProperties, *port))
                 debugs(33, 5, "Failed to set certificates to ssl object for PeekAndSplice mode");
+
+            Security::ContextPtr ctx = SSL_get_SSL_CTX(ssl);
+            addSigningCertificatesToChain(ctx);
+
         } else {
             auto dynCtx = Ssl::generateSslContext(certProperties, *port);
             getSslContextDone(dynCtx, true);
@@ -3030,7 +3034,21 @@
     }
     getSslContextDone(NULL);
 }
-
+void
+ConnStateData::addSigningCertificatesToChain(Security::ContextPtr sslContext)
+{
+    X509 *cert = port->signingCert.get();
+    if (cert) {
+        if (SSL_CTX_add_extra_chain_cert(sslContext, cert)) {
+            // increase the certificate lock
+            CRYPTO_add(&(cert->references),1,CRYPTO_LOCK_X509);
+        } else {
+            const int ssl_error = ERR_get_error();
+            debugs(33, DBG_IMPORTANT, "WARNING: can not add signing certificate to SSL context chain: " << ERR_error_string(ssl_error, NULL));
+        }
+        Ssl::addChainToSslContext(sslContext, port->certsToChain.get());
+    }
+}
 void
 ConnStateData::getSslContextDone(Security::ContextPtr sslContext, bool isNew)
 {
@@ -3039,15 +3057,7 @@
 
         if (signAlgorithm == Ssl::algSignTrusted) {
             // Add signing certificate to the certificates chain
-            X509 *cert = port->signingCert.get();
-            if (SSL_CTX_add_extra_chain_cert(sslContext, cert)) {
-                // increase the certificate lock
-                CRYPTO_add(&(cert->references),1,CRYPTO_LOCK_X509);
-            } else {
-                const int ssl_error = ERR_get_error();
-                debugs(33, DBG_IMPORTANT, "WARNING: can not add signing certificate to SSL context chain: " << ERR_error_string(ssl_error, NULL));
-            }
-            Ssl::addChainToSslContext(sslContext, port->certsToChain.get());
+            addSigningCertificatesToChain(sslContext);
         }
         //else it is self-signed or untrusted do not attrach any certificate
 

=== modified file 'src/client_side.h'
--- src/client_side.h	2016-01-24 17:41:43 +0000
+++ src/client_side.h	2016-02-10 11:22:35 +0000
@@ -358,6 +358,13 @@
     /// HTTPS server cert. fetching state for bump-ssl-server-first
     Ssl::ServerBump *sslServerBump;
     Ssl::CertSignAlgorithm signAlgorithm; ///< The signing algorithm to use
+
+    /**
+     * Add signing certificates to the chain being sent to the user
+     *
+     * \param[in] sslContext of the SSL connection
+     */
+    void addSigningCertificatesToChain(Security::ContextPtr sslContext);
 #endif
 
     /// the reason why we no longer write the response or nil