Call PeerOptions::parseOptions() as early as possible

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 208e4e251ec32fac66e3d359b8e7afb3cefe205c..4402486d3bb9b399ef529d83b5e129be09b4a084 100644 (file)
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -2360,6 +2360,9 @@ parse_peer(CachePeer ** head)
         peerDigestCreate(p);
 #endif
 
+    if (p->secure.encryptTransport)
+        p->secure.parseOptions();
+
     p->index =  ++Config.npeers;
 
     while (*head != NULL)
@@ -3830,6 +3833,7 @@ parsePortCfg(AnyP::PortCfgPointer *head, const char *optionName)
             self_destruct();
             return;
         }
+        s->secure.parseOptions();
     }
 
     // *_port line should now be fully valid so we can clone it if necessary

diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index deecc5eb0fcfe4f4699e7a03fd40b00b11e7c7c9..51f9c18ef36b69cdf78a413b1f326f5f5899cb33 100644 (file)
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -768,5 +768,6 @@ parse_securePeerOptions(Security::PeerOptions *opt)
 {
     while(const char *token = ConfigParser::NextToken())
         opt->parse(token);
+    opt->parseOptions();
 }
 

diff --git a/src/security/PeerOptions.h b/src/security/PeerOptions.h
index 1deeff258f58608bcef28e2d5cb34a12fc90daf3..928295b0afafc8b79aedf4484ec4c5a34145f9af 100644 (file)
--- a/src/security/PeerOptions.h
+++ b/src/security/PeerOptions.h
@@ -32,6 +32,9 @@ public:
     /// parse a TLS squid.conf option
     virtual void parse(const char *);
 
+    /// parse and verify the [tls-]options= string in sslOptions
+    void parseOptions();
+
     /// reset the configuration details to default
     virtual void clear() {*this = PeerOptions();}
 
@@ -66,7 +69,6 @@ public:
     virtual void dumpCfg(Packable *, const char *pfx) const;
 
 private:
-    void parseOptions(); ///< parsed value of sslOptions
     long parseFlags();
     void loadCrlFile();
     void loadKeysFile();