From 44c80ce5b397b8571b53ab75f12065166b1eea27 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Fri, 2 Dec 2022 17:06:59 +0100
Subject: [PATCH] BUG/MINOR: ssl: initialize SSL error before parsing

The SSL error initialization need to be done before the configuration
parsing, because it uses the SSL.

Need to be backported to 2.6.
---
 src/haproxy.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/haproxy.c b/src/haproxy.c
index 822e059ee9..7c1add8f6b 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1932,6 +1932,14 @@ static void init(int argc, char **argv)
 	struct pre_check_fct *prcf;
 	int ideal_maxconn;
 
+#if defined(USE_OPENSSL) && (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
+	/* Initialize the error strings of OpenSSL
+	 * It only needs to be done explicitly with older versions of the SSL
+	 * library. On newer versions, errors strings are loaded during start
+	 * up. */
+	SSL_load_error_strings();
+#endif
+
 	startup_logs_init();
 
 	if (!init_trash_buffers(1)) {
@@ -2305,13 +2313,6 @@ static void init(int argc, char **argv)
         wolfSSL_Debugging_ON();
 #endif
 
-#if (HA_OPENSSL_VERSION_NUMBER < 0x1010000fL)
-	/* Initialize the error strings of OpenSSL
-	 * It only needs to be done explicitly with older versions of the SSL
-	 * library. On newer versions, errors strings are loaded during start
-	 * up. */
-	SSL_load_error_strings();
-#endif
 
 	/* Initialize SSL random generator. Must be called before chroot for
 	 * access to /dev/urandom, and before ha_random_boot() which may use
-- 
2.47.3