fix static-init ordering issue preventing ssl_certificates from being read at startup

2025-10-03 02:15:43 -04:00 · 2010-02-02 00:27:34 +00:00 · 2010-02-02 00:27:34 +00:00 · 5d724d16a8
commit 5d724d16a8
parent cf13954411
3 changed files with 16 additions and 18 deletions
--- a/panda/src/express/config_express.cxx
+++ b/panda/src/express/config_express.cxx
@ -69,22 +69,6 @@ ConfigVariableBool collect_tcp
 ConfigVariableDouble collect_tcp_interval
 ("collect-tcp-interval", 0.2);

-ConfigVariableFilename ca_bundle_filename
-("ca-bundle-filename", "",
- PRC_DESC("This names the certificate authority file for OpenSSL "
-          "to use to verify whether SSL certificates are trusted or not.  "
-          "The file named by this setting should contain one or more "
-          "PEM-formatted certificates from trusted certificate "
-          "authorities.  This is a fairly standard file; a copy of "
-          "ca-bundle.crt is included in the OpenSSL distribution, and "
-          "is also included with Panda."));
-
-ConfigVariableList ssl_certificates
-("ssl-certificates",
- PRC_DESC("This variable lists additional filenames, on top of the file "
-          "named by ca-bundle-filename, that contain trusted SSL "
-          "certificates or certificate authorities."));
-
 ////////////////////////////////////////////////////////////////////
 //     Function: init_libexpress
 //  Description: Initializes the library.  This must be called at
--- a/panda/src/express/config_express.h
+++ b/panda/src/express/config_express.h
@ -53,8 +53,6 @@ extern ConfigVariableBool keep_temporary_files;

 extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp;
 extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval;
-extern ConfigVariableFilename ca_bundle_filename;
-extern ConfigVariableList ssl_certificates;

 // Expose the Config variable for Python access.
 BEGIN_PUBLISH
--- a/panda/src/express/openSSLWrapper.cxx
+++ b/panda/src/express/openSSLWrapper.cxx
@ -44,10 +44,26 @@ OpenSSLWrapper() {
  load_certificates_from_der_ram((const char *)ca_bundle_data, ca_bundle_data_len);

  // Load in any default certificates listed in the Config.prc file.
+  ConfigVariableFilename ca_bundle_filename
+    ("ca-bundle-filename", "",
+     PRC_DESC("This names the certificate authority file for OpenSSL "
+              "to use to verify whether SSL certificates are trusted or not.  "
+              "The file named by this setting should contain one or more "
+              "PEM-formatted certificates from trusted certificate "
+              "authorities.  This is a fairly standard file; a copy of "
+              "ca-bundle.crt is included in the OpenSSL distribution, and "
+              "is also included with Panda."));
+  
  if (!ca_bundle_filename.empty()) {
    load_certificates(ca_bundle_filename);
  }

+  ConfigVariableList ssl_certificates
+    ("ssl-certificates",
+     PRC_DESC("This variable lists additional filenames, on top of the file "
+              "named by ca-bundle-filename, that contain trusted SSL "
+              "certificates or certificate authorities."));
+
  int num_certs = ssl_certificates.get_num_unique_values();
  for (int ci = 0; ci < num_certs; ci++) {
    string cert_file = ssl_certificates.get_unique_value(ci);