int cbtls_verify(int ok, X509_STORE_CTX *ctx);
/* TLS */
-tls_session_t *tls_new_session(fr_tls_server_conf_t *conf, REQUEST *request,
+void tls_global_init(void);
+tls_session_t *tls_new_session(fr_tls_server_conf_t *conf, REQUEST *request,
int client_cert);
tls_session_t *tls_new_client_session(fr_tls_server_conf_t *conf, int fd);
fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
if (ssl_check_version() < 0) {
exit(EXIT_FAILURE);
}
+
+ /*
+ * Initialising OpenSSL once, here, is safer than having individual
+ * modules do it.
+ */
+ tls_global_init();
#endif
if (flag && (flag != 0x03)) {
pairfree(&vp);
}
+/*
+ * Add all the default ciphers and message digests
+ * Create our context.
+ *
+ * This should be called exactly once from main.
+ */
+void tls_global_init(void)
+{
+ SSL_library_init();
+ SSL_load_error_strings();
+}
/*
* Create Global context SSL and use it in every new session
int type;
/*
- * Add all the default ciphers and message digests
- * Create our context.
- */
- SSL_library_init();
- SSL_load_error_strings();
-
- /*
* SHA256 is in all versions of OpenSSL, but isn't
* initialized by default. It's needed for WiMAX
* certificates.