From f07b1f726d0a600bd0bc1337f42104340a6d2d9f Mon Sep 17 00:00:00 2001
From: Fabian Mauchle <fabian.mauchle@switch.ch>
Date: Thu, 22 Jul 2021 17:41:34 +0200
Subject: [PATCH] improve config check error reporting

---
 radsecproxy.c | 4 ++--
 tlscommon.c   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/radsecproxy.c b/radsecproxy.c
index e7a9bb3..01ffa52 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2416,7 +2416,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
                 ? tlsgettls(conf->tls, NULL)
                 : tlsgettls("defaultClient", "default");
         if (!conf->tlsconf)
-            debugx(1, DBG_ERR, "error in block %s, no tls context defined", block);
+            debugx(1, DBG_ERR, "error in block %s, tls context not defined", block);
         if (matchcertattrs) {
             for (i=0; matchcertattrs[i]; i++){
                 if (!addmatchcertattr(conf, matchcertattrs[i])) {
@@ -2485,7 +2485,7 @@ int confclient_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
                 existing->tlsconf != conf->tlsconf &&
                 hostportmatches(existing->hostports, conf->hostports, 0)) {
 
-                debugx(1, DBG_ERR, "error in block %s, overlapping clients must reference the same tls block", block);
+                debugx(1, DBG_ERR, "error in block %s, masked by overlapping (equal or less specific IP/prefix) client %s with different tls block", block, existing->name);
             }
         }
     }
diff --git a/tlscommon.c b/tlscommon.c
index d541bb1..d423aba 100644
--- a/tlscommon.c
+++ b/tlscommon.c
@@ -506,7 +506,7 @@ struct tls *tlsgettls(char *alt1, char *alt2) {
     struct tls *t;
 
     t = hash_read(tlsconfs, alt1, strlen(alt1));
-    if (!t)
+    if (!t && alt2)
 	t = hash_read(tlsconfs, alt2, strlen(alt2));
     return t;
 }