From df3d7d09a69ec2fdf20a0d7374ddd69bf504c439 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Tue, 19 Dec 2023 02:09:01 -0500
Subject: [PATCH] Ensure do_cryptInit() is called before calling
 lock_ssl_cert()

---
 src/sbbs3/websrvr.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index 84751316c1..c5772d7b77 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -7238,12 +7238,19 @@ void web_server(void* arg)
 		 * Add interfaces
 		 */
 		xpms_add_list(ws_set, PF_UNSPEC, SOCK_STREAM, 0, startup->interfaces, startup->port, "Web Server", open_socket, startup->seteuid, NULL);
-		lock_ssl_cert();
-		if(scfg.tls_certificate != -1 && startup->options&WEB_OPT_ALLOW_TLS) {
-			if(do_cryptInit())
-				xpms_add_list(ws_set, PF_UNSPEC, SOCK_STREAM, 0, startup->tls_interfaces, startup->tls_port, "Secure Web Server", open_socket, startup->seteuid, "TLS");
+		if (startup->options & WEB_OPT_ALLOW_TLS) {
+			do_cryptInit(); // Must be called by someone before lock_ssl_cert()
+			lock_ssl_cert();
+			if(scfg.tls_certificate != -1) {
+				unlock_ssl_cert();
+				// Init was already called or tls_certificate would be -1...
+				if(do_cryptInit())
+					xpms_add_list(ws_set, PF_UNSPEC, SOCK_STREAM, 0, startup->tls_interfaces, startup->tls_port, "Secure Web Server", open_socket, startup->seteuid, "TLS");
+			}
+			else {
+				unlock_ssl_cert();
+			}
 		}
-		unlock_ssl_cert();
 
 		listInit(&log_list,/* flags */ LINK_LIST_MUTEX|LINK_LIST_SEMAPHORE);
 		if(startup->options&WEB_OPT_HTTP_LOGGING) {
-- 
GitLab