read the TLS data first, before the VPs
authorAlan T. DeKok <aland@freeradius.org>
Fri, 3 Feb 2017 22:17:24 +0000 (17:17 -0500)
committerAlan T. DeKok <aland@freeradius.org>
Fri, 3 Feb 2017 22:29:42 +0000 (17:29 -0500)
src/main/tls.c

index 6cd912f..5984c22 100644 (file)
@@ -1459,16 +1459,6 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l
                struct stat     st;
                VALUE_PAIR      *vps = NULL;
 
-               /* read in the cached VPs from the .vps file */
-               snprintf(filename, sizeof(filename), "%s%c%s.vps",
-                        conf->session_cache_path, FR_DIR_SEP, buffer);
-               rv = pairlist_read(talloc_ctx, filename, &pairlist, 1);
-               if (rv < 0) {
-                       /* not safe to un-persist a session w/o VPs */
-                       RWDEBUG("Failed loading persisted VPs for session %s", buffer);
-                       goto err;
-               }
-
                /* load the actual SSL session */
                snprintf(filename, sizeof(filename), "%s%c%s.asn1", conf->session_cache_path, FR_DIR_SEP, buffer);
                fd = open(filename, O_RDONLY);
@@ -1524,6 +1514,16 @@ static SSL_SESSION *cbtls_get_session(SSL *ssl, const unsigned char *data, int l
                        goto err;
                }
 
+               /* read in the cached VPs from the .vps file */
+               snprintf(filename, sizeof(filename), "%s%c%s.vps",
+                        conf->session_cache_path, FR_DIR_SEP, buffer);
+               rv = pairlist_read(talloc_ctx, filename, &pairlist, 1);
+               if (rv < 0) {
+                       /* not safe to un-persist a session w/o VPs */
+                       RWDEBUG("Failed loading persisted VPs for session %s", buffer);
+                       goto err;
+               }
+
                /* move the cached VPs into the session */
                fr_pair_list_mcopy_by_num(talloc_ctx, &vps, &pairlist->reply, 0, 0, TAG_ANY);
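Review bot: The `goto err` on a failed `pairlist_read()` is now reached after the `.asn1` session has already been loaded, so this failure path also has to discard that session. The `err` label and the function's return are outside this hunk. If that path hands back the session pointer unchanged, the session would be resumed without its cached VPs, which is what the comment `/* not safe to un-persist a session w/o VPs */` rules out, and whatever the `.vps` file carried would not be applied to the resumed session. Inside the `if (rv < 0)` block, before `goto err;`, I would add `SSL_SESSION_free(sess_ptr); sess_ptr = NULL;`, where `sess_ptr` is a placeholder for the function's session variable, which is not visible here.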