+ cups_finalize_client_conf(&cc);
+
+ if (cg->encryption == (http_encryption_t)-1)
+ cg->encryption = cc.encryption;
+
+ if (!cg->server[0] || !cg->ipp_port)
+ cupsSetServer(cc.server_name);
+
+ if (!cg->ipp_port)
+ cups_set_default_ipp_port(cg);
+
+ if (!cg->user[0])
+ strlcpy(cg->user, cc.user, sizeof(cg->user));
+
+#ifdef HAVE_GSSAPI
+ if (!cg->gss_service_name[0])
+ strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
+#endif /* HAVE_GSSAPI */
+
+ if (cg->any_root < 0)
+ cg->any_root = cc.any_root;
+
+ if (cg->expired_certs < 0)
+ cg->expired_certs = cc.expired_certs;
+
+ if (cg->validate_certs < 0)
+ cg->validate_certs = cc.validate_certs;
+
+#ifdef HAVE_SSL
+ _httpTLSSetOptions(cc.ssl_options);
+#endif /* HAVE_SSL */
+}
+
+
+/*
+ * 'cups_boolean_value()' - Convert a string to a boolean value.
+ */
+
+static int /* O - Boolean value */
+cups_boolean_value(const char *value) /* I - String value */
+{
+ return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
+}
+
+
+/*
+ * 'cups_finalize_client_conf()' - Finalize client.conf values.
+ */
+
+static void
+cups_finalize_client_conf(
+ _cups_client_conf_t *cc) /* I - client.conf values */
+{
+ const char *value; /* Environment variable */
+
+
+ if ((value = getenv("CUPS_ANYROOT")) != NULL)
+ cc->any_root = cups_boolean_value(value);
+
+ if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
+ cups_set_encryption(cc, value);
+
+ if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
+ cc->expired_certs = cups_boolean_value(value);
+
+#ifdef HAVE_GSSAPI
+ if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
+ cups_set_gss_service_name(cc, value);
+#endif /* HAVE_GSSAPI */
+
+ if ((value = getenv("CUPS_SERVER")) != NULL)
+ cups_set_server_name(cc, value);
+
+ if ((value = getenv("CUPS_USER")) != NULL)
+ cups_set_user(cc, value);
+
+ if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
+ cc->validate_certs = cups_boolean_value(value);
+
+ /*
+ * Then apply defaults for those values that haven't been set...
+ */
+
+ if (cc->any_root < 0)
+ cc->any_root = 1;
+
+ if (cc->encryption == (http_encryption_t)-1)
+ cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
+
+ if (cc->expired_certs < 0)
+ cc->expired_certs = 1;
+
+#ifdef HAVE_GSSAPI
+ if (!cc->gss_service_name[0])
+ cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
+#endif /* HAVE_GSSAPI */
+
+ if (!cc->server_name[0])