From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Sun, 3 Aug 2014 11:13:01 +0000 (-0600)
Subject: Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
X-Git-Tag: SQUID_3_4_7~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7f12ff9b3db21ca015fe64704b04e460a8982c6c;p=thirdparty%2Fsquid.git

Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes

* The attribute part of the %USER_CA_CERT_xx and %CA_CERT_xx formating codes
  is not parsed correctly, make these formating codes useless.
* The %USER_CA_CERT_xx documented wrongly
---

diff --git a/src/cf.data.pre b/src/cf.data.pre
index b4b2c208dd..3d27099ca7 100644
--- a/src/cf.data.pre
+++ b/src/cf.data.pre
@@ -715,7 +715,7 @@ DOC_START
 	  %USER_CERT	SSL User certificate in PEM format
 	  %USER_CERTCHAIN SSL User certificate chain in PEM format
 	  %USER_CERT_xx	SSL User certificate subject attribute xx
-	  %USER_CA_xx	SSL User certificate issuer attribute xx
+	  %USER_CA_CERT_xx SSL User certificate issuer attribute xx
 
 	  %>{Header}	HTTP request header "Header"
 	  %>{Hdr:member}
diff --git a/src/external_acl.cc b/src/external_acl.cc
index 33451377d8..b762e22174 100644
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -473,13 +473,13 @@ parse_externalAclHelper(external_acl ** list)
         else if (strncmp(token, "%USER_CERT_", 11) == 0) {
             format->type = _external_acl_format::EXT_ACL_USER_CERT;
             format->header = xstrdup(token + 11);
-        } else if (strncmp(token, "%USER_CA_CERT_", 11) == 0) {
+        } else if (strncmp(token, "%USER_CA_CERT_", 14) == 0) {
             format->type = _external_acl_format::EXT_ACL_USER_CA_CERT;
-            format->header = xstrdup(token + 11);
-        } else if (strncmp(token, "%CA_CERT_", 11) == 0) {
+            format->header = xstrdup(token + 14);
+        } else if (strncmp(token, "%CA_CERT_", 9) == 0) {
             debugs(82, DBG_PARSE_NOTE(DBG_IMPORTANT), "WARNING: external_acl_type %CA_CERT_* code is obsolete. Use %USER_CA_CERT_* instead");
             format->type = _external_acl_format::EXT_ACL_USER_CA_CERT;
-            format->header = xstrdup(token + 11);
+            format->header = xstrdup(token + 9);
         }
 #endif
 #if USE_AUTH