From 2fa3d528aea1d4c7018e03c311246d81b81731e2 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 29 Apr 2025 11:52:47 +0200
Subject: [PATCH] openssl: first unload the provider, then free the context

Doing it in the reversed order causes bad problems inside OpenSSL.

Closes #17223
---
 lib/vtls/openssl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 94e2de9736..96b2d88552 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -1947,9 +1947,6 @@ static struct curl_slist *ossl_engines_list(struct Curl_easy *data)
 
 static void ossl_provider_cleanup(struct Curl_easy *data)
 {
-  OSSL_LIB_CTX_free(data->state.libctx);
-  data->state.libctx = NULL;
-  Curl_safefree(data->state.propq);
   if(data->state.baseprov) {
     OSSL_PROVIDER_unload(data->state.baseprov);
     data->state.baseprov = NULL;
@@ -1958,6 +1955,9 @@ static void ossl_provider_cleanup(struct Curl_easy *data)
     OSSL_PROVIDER_unload(data->state.provider);
     data->state.provider = NULL;
   }
+  OSSL_LIB_CTX_free(data->state.libctx);
+  data->state.libctx = NULL;
+  Curl_safefree(data->state.propq);
   data->state.provider_loaded = FALSE;
 }
 
-- 
2.47.3