From 541689105641410c7075b5b6c61a16d63e9b7ea9 Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Wed, 10 Jun 2020 11:34:59 +0200
Subject: [PATCH] Temporarily parse [tls_client_auth] for backward
 compatibility

Document the change.

Fixes #1355
---
 ChangeLog                | 2 ++
 dnscrypt-proxy/config.go | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 60e908dd..a8e58a52 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -26,6 +26,8 @@ require it any more.
  - Service installation is now supported on FreeBSD.
  - When stored into a file, service logs now only contain data from the most
 recent launch. This can be changed with the new `log_file_latest` option.
+ - Breaking change: the `tls_client_auth` section was renamed to
+`doh_client_x509_auth`.
 
 * Version 2.0.42
  - The current versions of the `dnsdist` load balancer (presumably used
diff --git a/dnscrypt-proxy/config.go b/dnscrypt-proxy/config.go
index d743addb..19213a68 100644
--- a/dnscrypt-proxy/config.go
+++ b/dnscrypt-proxy/config.go
@@ -95,6 +95,7 @@ type Config struct {
 	QueryMeta                []string                    `toml:"query_meta"`
 	AnonymizedDNS            AnonymizedDNSConfig         `toml:"anonymized_dns"`
 	DoHClientX509Auth        DoHClientX509AuthConfig     `toml:"doh_client_x509_auth"`
+	DoHClientX509AuthLegacy  DoHClientX509AuthConfig     `toml:"tls_client_auth"`
 	DNS64                    DNS64Config                 `toml:"dns64"`
 }
 
@@ -510,6 +511,9 @@ func ConfigLoad(proxy *Proxy, flags *ConfigFlags) error {
 	}
 	proxy.skipAnonIncompatbibleResolvers = config.AnonymizedDNS.SkipIncompatible
 
+	if config.DoHClientX509AuthLegacy.Creds != nil {
+		dlog.Fatal("[tls_client_auth] has been renamed to [doh_client_x509_auth] - Update your config file.")
+	}
 	configClientCreds := config.DoHClientX509Auth.Creds
 	creds := make(map[string]DOHClientCreds)
 	for _, configClientCred := range configClientCreds {