From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 22 Jul 2016 08:38:30 +0000 (+1200)
Subject: Add missing 'tls' option for cache_peer
X-Git-Tag: SQUID_4_0_13~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0ff7e52d1567797185cf427675dd960e849665e4;p=thirdparty%2Fsquid.git

Add missing 'tls' option for cache_peer
---

diff --git a/doc/release-notes/release-4.sgml b/doc/release-notes/release-4.sgml
index 25971bb7b2..167eaf7297 100644
--- a/doc/release-notes/release-4.sgml
+++ b/doc/release-notes/release-4.sgml
@@ -236,6 +236,8 @@ This section gives a thorough account of those changes in three categories:
 	<tag>cache_peer</tag>
 	<p>New option <em>auth-no-keytab</em> to let GSSAPI implementation determine
 	   which Kerberos credentials to use, instead of specifying a keytab.
+	<p>Replaced option <em>ssl</em> with <em>tls</em>. Use of any
+	   <em>tls-</em> prefixed options implies <em>tls</em> is enabled.
 	<p>New option <em>tls-min-version=1.N</em> to set minimum TLS version allowed.
 	<p>New option <em>tls-default-ca</em> replaces <em>sslflags=NO_DEFAULT_CA</em>
 	<p>New option <em>tls-no-npn</em> to disable sending TLS NPN extension.
@@ -243,7 +245,8 @@ This section gives a thorough account of those changes in three categories:
 	   have been removed.
 	<p>Removed <em>sslversion=</em> option. Use <em>tls-options=</em> instead.
 	<p>Manual squid.conf update may be required on upgrade.
-	<p>Replaced <em>sslcafile=</em> with <em>tls-cafile=</em> which takes multiple entries.
+	<p>Replaced option <em>sslcafile=</em> with <em>tls-cafile=</em>
+	   which takes multiple entries.
 
 	<tag>external_acl_type</tag>
 	<p>New parameter <em>queue-size=</em> to set the maximum number
diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 2e23180161..f82aa9e31c 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -2204,6 +2204,8 @@ parse_peer(CachePeer ** head)
 #endif
         } else if (strncmp(token, "tls-", 4) == 0) {
             p->secure.parse(token+4);
+        } else if (strncmp(token, "tls", 3) == 0) {
+            p->secure.parse(token+3);
         } else if (strcmp(token, "front-end-https") == 0) {
             p->front_end_https = 1;
         } else if (strcmp(token, "front-end-https=on") == 0) {
diff --git a/src/cf.data.pre b/src/cf.data.pre
index 26fe3786b0..3a43f68983 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -3308,7 +3308,7 @@ DOC_START
 	
 	==== SSL / HTTPS / TLS OPTIONS ====
 	
-	ssl		Encrypt connections to this peer with SSL/TLS.
+	tls		Encrypt connections to this peer with TLS.
 	
 	sslcert=/path/to/ssl/certificate
 			A client SSL certificate to use when connecting to