Merge pull request #164 from florida63/fix-sslpeerverification

add LOG_ERR for SSLPeerVerification and SSLAvailable

Author: mhaas

src/conf.c

@@ -329,8 +329,11 @@ parse_auth_server(FILE * file, const char *filename, int *linenum)
                 break;
             case oAuthServSSLAvailable:
                 ssl_available = parse_boolean_value(p2);
-                if (ssl_available < 0)
-                    ssl_available = 0;
+                if (ssl_available < 0) {
+                    debug(LOG_WARNING, "Bad syntax for Parameter: SSLAvailable on line %d " "in %s."
+                        "The syntax is yes or no." , *linenum, filename);
+                    exit(-1);
+                }
                 break;
             case oBadOption:
             default:
@@ -746,8 +749,11 @@ config_read(const char *filename)
                     break;
                 case oSSLPeerVerification:
                     config.ssl_verify = parse_boolean_value(p1);
-                    if (config.ssl_verify < 0)
-                        config.ssl_verify = 0;
+                    if (config.ssl_verify < 0) {
+                        debug(LOG_WARNING, "Bad syntax for Parameter: SSLPeerVerification on line %d " "in %s."
+                            "The syntax is yes or no." , linenum, filename);
+                        exit(-1);
+                    }
 #ifndef USE_CYASSL
                     debug(LOG_WARNING, "SSLPeerVerification is set but no SSL compiled in. Ignoring!");
 #endif

wifidog.conf

@@ -165,14 +165,14 @@ GatewayInterface br-lan
 ClientTimeout 5
 
 # Parameter: SSLPeerVerification
-# Default: Yes
+# Default: yes
 # Optional
 #
 # Enable peer certificate verification when talking to the auth
 # server over SSL/TLS. Disabling this setting is mainly useful if
 # you do not want  to install ca-certificates.
 #
-# If this setting is set to Yes, then the certificates in
+# If this setting is set to yes, then the certificates in
 # the directory indicated by SSLCertPath will be used to
 # verify the auth server.
 #
@@ -183,15 +183,15 @@ ClientTimeout 5
 # to False for the auth server in question. Note that this will disable
 # HTTPS when redirecting clients to your auth server.
 #
-# SSLPeerVerification Yes
+# SSLPeerVerification yes
 
 # Parameter: SSLCertPath
 # Default: /etc/ssl/certs/
 # Optional
 #
 # Where to look for SSL certificates to verify the auth servers
 # certificate. Note that these will only be used if the auth server
-# in question is configured with SSLAvailable Yes.
+# in question is configured with SSLAvailable yes.
 #
 # The certificates in this directory must be named by their hash
 # value. For OpenWRT, you need a ca-certificates package newer