From: Amos Jeffries Date: Sat, 10 Nov 2018 04:00:12 +0000 (+1300) Subject: Fix tls-min-version= being ignored X-Git-Tag: SQUID_5_0_1~91 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e15927a664cc2a0c70e0e2b4ce87b615fa8367dd;p=thirdparty%2Fsquid.git Fix tls-min-version= being ignored Audit required change to make PeerOptions::parse() call parseOptions() when 'options=' altered sslOptions instead of delaying the parse to context creation. This missed the fact that for GnuTLS the tlsMinVersion was also updating the sslOptions string rather than the parsedOptions variable later in the configuration process. Call parseOptions() to reset the parsedOptions value whenever sslOptions string is altered. --- diff --git a/src/security/PeerOptions.cc b/src/security/PeerOptions.cc index 13b1e1cff9..627e5c43ee 100644 --- a/src/security/PeerOptions.cc +++ b/src/security/PeerOptions.cc @@ -182,6 +182,7 @@ Security::PeerOptions::updateTlsVersionLimits() if (sslOptions.isEmpty()) add.chop(1); // remove the initial ':' sslOptions.append(add); + parseOptions(); // sslOptions changed, reset parsedOptions #endif } else { @@ -235,6 +236,7 @@ Security::PeerOptions::updateTlsVersionLimits() sslOptions.append(add+1, strlen(add+1)); else sslOptions.append(add, strlen(add)); + parseOptions(); // sslOptions changed, reset parsedOptions #endif } sslVersion = 0; // prevent sslOptions being repeatedly appended
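Review bot: The rule this fix relies on, that every write to `sslOptions` must be followed by `parseOptions()`, is still enforced by hand at each call site: after `sslOptions.append(add);` in the first hunk, after the `add+1`/`add` appends in the second, and (per the commit message) in `PeerOptions::parse()`. A later code path that edits the string can therefore reintroduce the same silent failure, where a configured `tls-min-version=` is not applied and older protocol versions stay negotiable. A small private helper that appends and re-parses would remove that risk; at minimum, document the rule where `sslOptions` is declared, e.g. `// any change to sslOptions must be followed by parseOptions()`. Neither hunk checks the outcome of the new `parseOptions()` call; its definition is outside this diff, but if it can reject the combined string, that should be reported as a configuration error rather than leaving `parsedOptions` without the version limit. Both calls sit inside an `#if` block whose opening directive is not visible, and `updateTlsVersionLimits()` itself begins and ends outside the hunks.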