From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Wed, 18 Jul 2018 04:10:00 +0000 (+0000)
Subject: Restored support for the https_port clientca option (#252)
X-Git-Tag: M-staged-PR252
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbffd8a3e751dd2591788a58ca54eed53a6418a3;p=thirdparty%2Fsquid.git

Restored support for the https_port clientca option (#252)

Probably missing since commit 621f429.
---

diff --git a/src/security/ServerOptions.cc b/src/security/ServerOptions.cc
index 0f67f4f8d2..bad120662f 100644
--- a/src/security/ServerOptions.cc
+++ b/src/security/ServerOptions.cc
@@ -61,7 +61,9 @@ Security::ServerOptions::parse(const char *token)
     }
 
     // parse the server-only options
-    if (strncmp(token, "dh=", 3) == 0) {
+    if (strncmp(token, "clientca=", 9) == 0) {
+        clientCaFile = SBuf(token + 9);
+    } else if (strncmp(token, "dh=", 3) == 0) {
         // clear any previous Diffi-Helman configuration
         dh.clear();
         dhParamsFile.clear();
@@ -264,13 +266,14 @@ Security::ServerOptions::createStaticServerContext(AnyP::PortCfg &port)
         }
 #endif
 
+        if (!loadClientCaFile())
+            return false;
+
+        // by this point all config related files must be loaded
         if (!updateContextConfig(t)) {
             debugs(83, DBG_CRITICAL, "ERROR: Configuring static TLS context");
             return false;
         }
-
-        if (!loadClientCaFile())
-            return false;
     }
 
     staticContext = std::move(t);