Fix tls-min-version= being ignored
authorAmos Jeffries <amosjeffries@squid-cache.org>
Sat, 10 Nov 2018 04:00:12 +0000 (17:00 +1300)
committerAmos Jeffries <yadij@users.noreply.github.com>
Fri, 24 May 2019 11:27:14 +0000 (23:27 +1200)
An audit required changing PeerOptions::parse() to call
parseOptions() when 'options=' altered sslOptions, instead of
delaying the parse to context creation.
This missed the fact that for GnuTLS the tlsMinVersion was
also updating the sslOptions string rather than the
parsedOptions variable later in the configuration process.

Call parseOptions() to reset the parsedOptions value whenever
sslOptions string is altered.

src/security/PeerOptions.cc

index 13b1e1cff94ad164e5354130712153135ba462b7..627e5c43ee99c6d4b9b3604207761a98d813d38a 100644 (file)
@@ -182,6 +182,7 @@ Security::PeerOptions::updateTlsVersionLimits()
             if (sslOptions.isEmpty())
                 add.chop(1); // remove the initial ':'
             sslOptions.append(add);
+            parseOptions(); // sslOptions changed, reset parsedOptions
 #endif
 
         } else {
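Review bot: Both added `parseOptions()` calls (here and in the second hunk, after the `sslOptions.append(add, strlen(add))` branch) keep `parsedOptions` correct only as long as every site that edits `sslOptions` remembers to re-parse, so a later edit that forgets would again drop the configured TLS minimum without any error. Each call also sits directly before an `#endif`, so it is compiled only under a conditional that opens outside the hunk; the path taken when that conditional is false is not shown here and is worth checking for the same staleness. I would state the consequence at the call, `parseOptions(); // parsedOptions must track sslOptions, or tls-min-version= is silently not enforced`, and consider one private helper that appends to `sslOptions` and re-parses, so the two steps cannot be separated. A regression check that the parsed value reflects a configured `tls-min-version=` would guard against this failing open again. updateTlsVersionLimits() starts and ends outside both hunks.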
@@ -235,6 +236,7 @@ Security::PeerOptions::updateTlsVersionLimits()
                 sslOptions.append(add+1, strlen(add+1));
             else
                 sslOptions.append(add, strlen(add));
+            parseOptions(); // sslOptions changed, reset parsedOptions
 #endif
         }
         sslVersion = 0; // prevent sslOptions being repeatedly appended