From: Alain Spineux
Date: Mon, 23 Nov 2020 12:21:40 +0000 (+0100)
Subject: Tweak openssl initialisation order
X-Git-Tag: Release-11.3.2~832
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=702a485fceffb43814f7247b8556fa67ffb0e775;p=thirdparty%2Fbacula.git

Tweak openssl initialisation order

- We must test the result of SSL_CTX_new() ( and exit if there is an error) BEFORE to do the SSL_CTX_set_options
---
diff --git a/bacula/src/lib/tls.c b/bacula/src/lib/tls.c
index f412ee68a..a112c1542 100644
--- a/bacula/src/lib/tls.c
+++ b/bacula/src/lib/tls.c
@@ -270,6 +270,11 @@ TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
 #endif
+ if (!ctx->openssl) {
+ openssl_post_errors(M_FATAL, _("Error initializing SSL context"));
+ goto err;
+ }
+
 /* Use SSL_OP_ALL to turn on all "rather harmless" workarounds that
 * OpenSSL offers */
@@ -278,11 +283,6 @@ TLS_CONTEXT *new_tls_context(const char *ca_certfile, const char *ca_certdir,
 /* Now disable old broken SSLv3 and SSLv2 protocols */
 SSL_CTX_set_options(ctx->openssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
- if (!ctx->openssl) {
- openssl_post_errors(M_FATAL, _("Error initializing SSL context"));
- goto err;
- }
-
 /* Set up pem encryption callback */
 if (pem_callback) {
 ctx->pem_callback = pem_callback;
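Review bot: The added `if (!ctx->openssl)` guard in the first hunk makes the `goto err` path reachable in practice with a NULL `ctx->openssl`, because the earlier ordering passed that pointer to `SSL_CTX_set_options()` before the check could run. The `err:` label and the rest of `new_tls_context()` lie outside the hunk, so it is worth confirming that the cleanup there tolerates a NULL context and still releases `ctx`. A short comment above the guard would keep the ordering from regressing, for example `/* SSL_CTX_new() returns NULL on failure; check before any SSL_CTX_* call uses the pointer */`. Separately, the unchanged context lines of the second hunk turn off only SSLv2 and SSLv3, so TLS 1.0 and 1.1 presumably stay negotiable unless a minimum protocol version is set elsewhere in the file.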