In OPENSSL_init_ssl(), run the base ssl init before OPENSSL_init_crypto()

IF OPENSSL_init_ssl() is called with the option flag OPENSSL_INIT_LOAD_CONFIG, any SSL config will be handled wrongly (i.e. there will be an attempt to load libssl_conf.so or whatever corresponds to that on non-Unix platforms). Therefore, at least SSL_add_ssl_module() MUST be called before OPENSSL_init_crypto() is called. The base ssl init does that, plus adds all kinds of ciphers and digests, which is harmless. Fixes #4788 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4792)
2025-04-06 20:20:50 +08:00 · 2017-11-25 12:02:58 +01:00 · 2017-11-25 12:02:58 +01:00 · 0a90a6831e
commit 0a90a6831e
parent a14715888b
1 changed files with 3 additions and 3 deletions
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@ -195,11 +195,11 @@ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS * settings)
        return 0;
    }

-    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
-                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
+    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
        return 0;

-    if (!RUN_ONCE(&ssl_base, ossl_init_ssl_base))
+    if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS
+                             | OPENSSL_INIT_ADD_ALL_DIGESTS, settings))
        return 0;

    if ((opts & OPENSSL_INIT_NO_LOAD_SSL_STRINGS)