From 5d724d16a8de48c6d90f65f5f52668784dc7232c Mon Sep 17 00:00:00 2001 From: David Rose Date: Tue, 2 Feb 2010 00:27:34 +0000 Subject: [PATCH] fix static-init ordering issue preventing ssl_certificates from being read at startup --- panda/src/express/config_express.cxx | 16 ---------------- panda/src/express/config_express.h | 2 -- panda/src/express/openSSLWrapper.cxx | 16 ++++++++++++++++ 3 files changed, 16 insertions(+), 18 deletions(-) diff --git a/panda/src/express/config_express.cxx b/panda/src/express/config_express.cxx index 0eac3f6dfd..9961ec5b8a 100644 --- a/panda/src/express/config_express.cxx +++ b/panda/src/express/config_express.cxx @@ -69,22 +69,6 @@ ConfigVariableBool collect_tcp ConfigVariableDouble collect_tcp_interval ("collect-tcp-interval", 0.2); -ConfigVariableFilename ca_bundle_filename -("ca-bundle-filename", "", - PRC_DESC("This names the certificate authority file for OpenSSL " - "to use to verify whether SSL certificates are trusted or not. " - "The file named by this setting should contain one or more " - "PEM-formatted certificates from trusted certificate " - "authorities. This is a fairly standard file; a copy of " - "ca-bundle.crt is included in the OpenSSL distribution, and " - "is also included with Panda.")); - -ConfigVariableList ssl_certificates -("ssl-certificates", - PRC_DESC("This variable lists additional filenames, on top of the file " - "named by ca-bundle-filename, that contain trusted SSL " - "certificates or certificate authorities.")); - //////////////////////////////////////////////////////////////////// // Function: init_libexpress // Description: Initializes the library. This must be called at diff --git a/panda/src/express/config_express.h b/panda/src/express/config_express.h index 38149399ab..cc44eeff1e 100644 --- a/panda/src/express/config_express.h +++ b/panda/src/express/config_express.h @@ -53,8 +53,6 @@ extern ConfigVariableBool keep_temporary_files; extern EXPCL_PANDAEXPRESS ConfigVariableBool collect_tcp; extern EXPCL_PANDAEXPRESS ConfigVariableDouble collect_tcp_interval; -extern ConfigVariableFilename ca_bundle_filename; -extern ConfigVariableList ssl_certificates; // Expose the Config variable for Python access. BEGIN_PUBLISH diff --git a/panda/src/express/openSSLWrapper.cxx b/panda/src/express/openSSLWrapper.cxx index 0aa7445e9e..a24e60a4fe 100644 --- a/panda/src/express/openSSLWrapper.cxx +++ b/panda/src/express/openSSLWrapper.cxx @@ -44,10 +44,26 @@ OpenSSLWrapper() { load_certificates_from_der_ram((const char *)ca_bundle_data, ca_bundle_data_len); // Load in any default certificates listed in the Config.prc file. + ConfigVariableFilename ca_bundle_filename + ("ca-bundle-filename", "", + PRC_DESC("This names the certificate authority file for OpenSSL " + "to use to verify whether SSL certificates are trusted or not. " + "The file named by this setting should contain one or more " + "PEM-formatted certificates from trusted certificate " + "authorities. This is a fairly standard file; a copy of " + "ca-bundle.crt is included in the OpenSSL distribution, and " + "is also included with Panda.")); + if (!ca_bundle_filename.empty()) { load_certificates(ca_bundle_filename); } + ConfigVariableList ssl_certificates + ("ssl-certificates", + PRC_DESC("This variable lists additional filenames, on top of the file " + "named by ca-bundle-filename, that contain trusted SSL " + "certificates or certificate authorities.")); + int num_certs = ssl_certificates.get_num_unique_values(); for (int ci = 0; ci < num_certs; ci++) { string cert_file = ssl_certificates.get_unique_value(ci);