From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 15 Nov 2016 07:57:28 +0000 (+1300)
Subject: TLS: Make key= before cert= an error instead of quietly hiding the issue
X-Git-Tag: SQUID_3_5_23~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d73f30cb52d066cac47f35f8fe4920b60c414a95;p=thirdparty%2Fsquid.git

TLS: Make key= before cert= an error instead of quietly hiding the issue

This squid.conf setup is fatal in Squid-4. So best to fix these installations.
Even though Squdi-3 can cope with it.
---

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index 630f3e9786..ce4af39a52 100644
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -2257,6 +2257,9 @@ parse_peer(CachePeer ** head)
             safe_free(p->sslcert);
             p->sslcert = xstrdup(token + 8);
         } else if (strncmp(token, "sslkey=", 7) == 0) {
+            if (!p->sslcert) {
+                debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": sslcert= option must be set before sslkey= is used.");
+            }
             safe_free(p->sslkey);
             p->sslkey = xstrdup(token + 7);
         } else if (strncmp(token, "sslversion=", 11) == 0) {
@@ -3729,6 +3732,9 @@ parse_port_option(AnyP::PortCfgPointer &s, char *token)
         safe_free(s->cert);
         s->cert = xstrdup(token + 5);
     } else if (strncmp(token, "key=", 4) == 0) {
+        if (!s->cert) {
+            debugs(3, DBG_CRITICAL, "ERROR: " << cfg_directive << ": cert= option must be set before key= is used.");
+        }
         safe_free(s->key);
         s->key = xstrdup(token + 4);
     } else if (strncmp(token, "version=", 8) == 0) {