Tweak openssl initialisation order

- We must test the result of SSL_CTX_new() ( and exit if there is an error)
  BEFORE to do the SSL_CTX_set_options

diff --git a/bacula/src/lib/tls.c b/bacula/src/lib/tls.c
index f412ee68a001c4059a1e845eb0cfa992aa6a8a1f..a112c15420af7453d67f4c4f59cea9350ebfe7b9 100644 (file)
--- a/bacula/src/lib/tls.c
+++ b/bacula/src/lib/tls.c
@@ -270,6 +270,11 @@ TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
 
 #endif
 
+   if (!ctx->openssl) {
+      openssl_post_errors(M_FATAL, _("Error initializing SSL context"));
+      goto err;
+   }
+
    /* Use SSL_OP_ALL to turn on all "rather harmless" workarounds that
     * OpenSSL offers 
     */
@@ -278,11 +283,6 @@ TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
    /* Now disable old broken SSLv3 and SSLv2 protocols */
    SSL_CTX_set_options(ctx->openssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 
-   if (!ctx->openssl) {
-      openssl_post_errors(M_FATAL, _("Error initializing SSL context"));
-      goto err;
-   }
-
    /* Set up pem encryption callback */
    if (pem_callback) {
       ctx->pem_callback = pem_callback;