diff options
author | Richard Levitte <levitte@openssl.org> | 2017-11-25 12:02:58 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-12-08 16:09:30 +0100 |
commit | ad74ff046bea5b1f77ff7425598802b91924652d (patch) | |
tree | 1d8f016c0c5a03c901a3ff0084ed87de73004e5d /ssl | |
parent | fae00c9321e9d843355b37358a12756634e267e6 (diff) |
In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()
IF OPENSSL_init_ssl() is called with the option flag
OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly
(i.e. there will be an attempt to load libssl_conf.so or whatever
corresponds to that on non-Unix platforms). Therefore, at least
SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is
called. The base ssl init does that, plus adds all kinds of ciphers
and digests, which is harmless.
Fixes #4788
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4792)
(cherry picked from commit 0a90a6831e02e00d9043ada635421cfd3da5ffe2)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_init.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index b286a98dec..3e62d48111 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -191,11 +191,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings) return 0; } - if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS - | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) + if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) return 0; - if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base)) + if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS + | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) return 0; if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS) |