From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 2 Dec 2022 16:06:59 +0000 (+0100)
Subject: BUG/MINOR: ssl: initialize SSL error before parsing
X-Git-Tag: v2.8-dev1~182
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=44c80ce5b397b8571b53ab75f12065166b1eea27;p=thirdparty%2Fhaproxy.git

BUG/MINOR: ssl: initialize SSL error before parsing

The SSL error initialization need to be done before the configuration
parsing, because it uses the SSL.

Need to be backported to 2.6.
---

diff --git a/src/haproxy.c b/src/haproxy.c
index 822e059ee9..7c1add8f6b 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1932,6 +1932,14 @@ static void init(int argc, char **argv)
 	struct pre_check_fct *prcf;
 	int ideal_maxconn;
 
+#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
+	/* Initialize the error strings of OpenSSL
+	 * It only needs to be done explicitly with older versions of the SSL
+	 * library. On newer versions, errors strings are loaded during start
+	 * up. */
+	SSL_load_error_strings();
+#endif
+
 	startup_logs_init();
 
 	if (!init_trash_buffers(1)) {
@@ -2305,13 +2313,6 @@ static void init(int argc, char **argv)
         wolfSSL_Debugging_ON();
 #endif
 
-#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
-	/* Initialize the error strings of OpenSSL
-	 * It only needs to be done explicitly with older versions of the SSL
-	 * library. On newer versions, errors strings are loaded during start
-	 * up. */
-	SSL_load_error_strings();
-#endif
 
 	/* Initialize SSL random generator. Must be called before chroot for
 	 * access to /dev/urandom, and before ha_random_boot() which may use