From 1bf5c6c20f3d51f13d3240cfb46e471074c86276 Mon Sep 17 00:00:00 2001 From: Timo Sirainen Date: Thu, 29 Apr 2010 21:29:01 +0300 Subject: [PATCH] login proxy: "ssl" and "starttls" handlers make more sense now. - "starttls" no longer requires "ssl", and "starttls=anycert" is now possible. - "ssl=any-cert" updates the default port. - "ssl=anything" now also enables ssl instead of being ignored. --HG-- branch : HEAD --- src/login-common/client-common-auth.c | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/src/login-common/client-common-auth.c b/src/login-common/client-common-auth.c index 515bed4f4c..450eb5bfa3 100644 --- a/src/login-common/client-common-auth.c +++ b/src/login-common/client-common-auth.c @@ -90,18 +90,16 @@ static void client_auth_parse_args(struct client *client, else if (strcmp(key, "master") == 0) reply_r->master_user = value; else if (strcmp(key, "ssl") == 0) { - if (strcmp(value, "yes") == 0) { - reply_r->ssl_flags |= PROXY_SSL_FLAG_YES; - if (reply_r->port == 0) { - reply_r->port = - login_binary.default_ssl_port; - } - } else if (strcmp(value, "any-cert") == 0) { - reply_r->ssl_flags |= PROXY_SSL_FLAG_YES | - PROXY_SSL_FLAG_ANY_CERT; - } + reply_r->ssl_flags |= PROXY_SSL_FLAG_YES; + if (strcmp(value, "any-cert") == 0) + reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; + if (reply_r->port == 0) + reply_r->port = login_binary.default_ssl_port; } else if (strcmp(key, "starttls") == 0) { - reply_r->ssl_flags |= PROXY_SSL_FLAG_STARTTLS; + reply_r->ssl_flags |= PROXY_SSL_FLAG_YES | + PROXY_SSL_FLAG_STARTTLS; + if (strcmp(value, "any-cert") == 0) + reply_r->ssl_flags |= PROXY_SSL_FLAG_ANY_CERT; } else if (strcmp(key, "user") == 0) { /* already handled in login-common */ } else if (client->set->auth_debug) -- 2.47.3