login proxy: "ssl" and "starttls" handlers make more sense now.

 - "starttls" no longer requires "ssl", and "starttls=anycert" is now possible.
 - "ssl=any-cert" updates the default port.
 - "ssl=anything" now also enables ssl instead of being ignored.

--HG--
branch : HEAD

diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c
index 515bed4f4cbcabee346598aee112fa9999b6590b..450eb5bfa319a86aa511e25c65a4ed7d642fc54f 100644 (file)
--- a/src/login-common/client-common-auth.c
+++ b/src/login-common/client-common-auth.c
@@ -90,18 +90,16 @@ static void client_auth_parse_args(struct client *client,
                else if (strcmp(key, "master") == 0)
                        reply_r->master_user = value;
                else if (strcmp(key, "ssl") == 0) {
-                       if (strcmp(value, "yes") == 0) {
-                               reply_r->ssl_flags |= PROXY_SSL_FLAG_YES;
-                               if (reply_r->port == 0) {
-                                       reply_r->port =
-                                               login_binary.default_ssl_port;
-                               }
-                       } else if (strcmp(value, "any-cert") == 0) {
-                               reply_r->ssl_flags |= PROXY_SSL_FLAG_YES |
-                                       PROXY_SSL_FLAG_ANY_CERT;
-                       }
+                       reply_r->ssl_flags |= PROXY_SSL_FLAG_YES;
+                       if (strcmp(value, "any-cert") == 0)
+                               reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT;
+                       if (reply_r->port == 0)
+                               reply_r->port = login_binary.default_ssl_port;
                } else if (strcmp(key, "starttls") == 0) {
-                       reply_r->ssl_flags |= PROXY_SSL_FLAG_STARTTLS;
+                       reply_r->ssl_flags |= PROXY_SSL_FLAG_YES |
+                               PROXY_SSL_FLAG_STARTTLS;
+                       if (strcmp(value, "any-cert") == 0)
+                               reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT;
                } else if (strcmp(key, "user") == 0) {
                        /* already handled in login-common */
                } else if (client->set->auth_debug)