From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 2 Dec 2022 16:17:43 +0000 (+0100)
Subject: BUG/MINOR: ssl: initialize WolfSSL before parsing
X-Git-Tag: v2.8-dev1~181
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=151dbbe77849ea0aa8917a9321663c50a9aec613;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: initialize WolfSSL before parsing

The wolfSSL library need to be initialized before parsing the
configuration which uses some SSL functions.

To be backported in 2.6.
---

diff --git a/src/haproxy.c b/src/haproxy.c
index 7c1add8f6b..6076e0282d 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1932,12 +1932,18 @@ static void init(int argc, char **argv)
 	struct pre_check_fct *prcf;
 	int ideal_maxconn;
 
-#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
+#ifdef USE_OPENSSL
+#ifdef USE_OPENSSL_WOLFSSL
+        wolfSSL_Init();
+        wolfSSL_Debugging_ON();
+#endif
+#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
 	/* Initialize the error strings of OpenSSL
 	 * It only needs to be done explicitly with older versions of the SSL
 	 * library. On newer versions, errors strings are loaded during start
 	 * up. */
 	SSL_load_error_strings();
+#endif
 #endif
 
 	startup_logs_init();
@@ -2308,11 +2314,6 @@ static void init(int argc, char **argv)
 	}
 
 #ifdef USE_OPENSSL
-#ifdef USE_OPENSSL_WOLFSSL
-        wolfSSL_Init();
-        wolfSSL_Debugging_ON();
-#endif
-
 
 	/* Initialize SSL random generator. Must be called before chroot for
 	 * access to /dev/urandom, and before ha_random_boot() which may use