From: Amos Jeffries
Date: Wed, 16 Dec 2015 23:17:16 +0000 (+1300)
Subject: Polish: update tls-no-default-ca logic to match tls-no-npn
X-Git-Tag: SQUID_4_0_4~37
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b2cd014b3cbc31f723d29db9690153b5b93cc01e;p=thirdparty%2Fsquid.git
Polish: update tls-no-default-ca logic to match tls-no-npn
---
diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc
index 34829919a4..d849af3140 100644
--- a/src/security/PeerOptions.cc
+++ b/src/security/PeerOptions.cc
@@ -92,7 +92,7 @@ Security::PeerOptions::parse(const char *token)
 sslFlags = SBuf(token + 6);
 parsedFlags = parseFlags();
 } else if (strncmp(token, "no-default-ca", 13) == 0) {
- flags.noDefaultCa = true;
+ flags.tlsDefaultCa = false;
 } else if (strncmp(token, "domain=", 7) == 0) {
 sslDomain = SBuf(token + 7);
 } else if (strncmp(token, "no-npn", 6) == 0) {
@@ -140,7 +140,7 @@ Security::PeerOptions::dumpCfg(Packable *p, const char *pfx) const
 if (!sslFlags.isEmpty())
 p->appendf(" %sflags=" SQUIDSBUFPH, pfx, SQUIDSBUFPRINT(sslFlags));
- if (flags.noDefaultCa)
+ if (!flags.tlsDefaultCa)
 p->appendf(" %sno-default-ca", pfx);
 if (!flags.tlsNpn)
@@ -503,7 +503,7 @@ Security::PeerOptions::parseFlags()
 fatalf("Unknown TLS flag '" SQUIDSBUFPH "'", SQUIDSBUFPRINT(tok.remaining()));
 if (found == SSL_FLAG_NO_DEFAULT_CA) {
 debugs(83, DBG_PARSE_NOTE(2), "UPGRADE WARNING: flags=NO_DEFAULT_CA is deprecated. Use tls-no-default-ca instead.");
- flags.noDefaultCa = true;
+ flags.tlDefaultCa = false;
 } else
 fl |= found;
 } while (tok.skipOne(delims));
@@ -577,7 +577,7 @@ Security::PeerOptions::updateContextCa(Security::ContextPtr &ctx)
 #endif
 }
- if (flags.noDefaultCa)
+ if (!flags.tlsDefaultCa)
 return;
 #if USE_OPENSSL
diff --git a/src/security/PeerOptions.h b/src/security/PeerOptions.h
index 59f9945bf4..8d30098c60 100644
--- a/src/security/PeerOptions.h
+++ b/src/security/PeerOptions.h
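Review bot: In the parseFlags() hunk (@@ -503), the added line `flags.tlDefaultCa = false;` misspells the member name. The flags_ struct in the PeerOptions.h hunk of this commit declares `tlsDefaultCa`, so as shown this line should fail to compile. It should read `flags.tlsDefaultCa = false;`, the spelling used by the parse(), dumpCfg() and updateContextCa() hunks. This branch handles the deprecated flags=NO_DEFAULT_CA spelling, and the member decides whether updateContextCa() returns before the `#if USE_OPENSSL` section, so a config-parse check of the deprecated form after the fix would be worthwhile. parseFlags() begins and ends outside the hunk.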
@@ -80,10 +80,10 @@ private:
 /// flags governing Squid internal TLS operations
 struct flags_ {
- flags_() : noDefaultCa(false), tlsNpn(true) {}
+ flags_() : tlsDefaultCa(true), tlsNpn(true) {}
- /// do not use the system default Trusted CA when verifying the remote end certificate
- bool noDefaultCa;
+ /// whether to use the system default Trusted CA when verifying the remote end certificate
+ bool tlsDefaultCa;
 /// whether to use the TLS NPN extension on these connections
 bool tlsNpn;
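Review bot: The new doc comment on `tlsDefaultCa` gives neither the default nor what clears the flag, and the polarity flip makes both worth stating because the field selects trust anchors for peer certificate verification. From the other hunks, it starts as true and is set false by the `no-default-ca` token in parse() and by the deprecated `SSL_FLAG_NO_DEFAULT_CA` in parseFlags(). I would write it as `/// whether to use the system default Trusted CAs when verifying the remote end certificate (on by default; cleared by tls-no-default-ca or the deprecated flags=NO_DEFAULT_CA)`. The flags_ struct continues outside the hunk.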